On Tuesday, January 28, 2025 6:04:16 AM MST Daniel Hakimi wrote:
> The source code license here is surprisingly good, the "other parts of the
> specification" license is the problem. It's effectively discrimination by
> field of endeavor. I would make sure they're only including the source code
> + license documents and copyright notices.
I concur with that assessment.
> On Tue, Jan 28, 2025, 07:57 Simon Josefsson <simon@josefsson.org> wrote:
> > Hi
> >
> > I'm working on packaging https://github.com/google/go-tpm-tools/ which
> >
> > has a LICENSE file that claims:
> > A portion of the source code is derived from the TPM specification,
> > which has a TCG copyright. It is reproduced here for reference.
> >
> > The file has some other problem [1], so I'm not confident that this part
> > is actually still a valid statement, but I reckon it is reasonable to
> > assume so until some clarification is available.
> >
> > That begs the question, is the license below suitable for inclusion into
> > Debian main? See verbatim quote below.
> >
> > /Simon
> >
> > [1] https://github.com/google/go-tpm-tools/issues/533
> >
> > Licenses and Notices
> > Copyright Licenses:
> >
> > * Trusted Computing Group (TCG) grants to the user of the source code
> > in this specification (the "Source Code") a worldwide, irrevocable,
> > nonexclusive, royalty free, copyright license to reproduce, create
> > derivative works, distribute, display and perform the Source Code and
> > derivative works thereof, and to grant others the rights granted
> > herein.
> >
> > * The TCG grants to the user of the other parts of the specification
> > (other than the Source Code) the rights to reproduce, distribute,
> > display, and perform the specification solely for the purpose of
> > developing products based on such documents.
> >
> > Source Code Distribution Conditions:
> >
> > * Redistributions of Source Code must retain the above copyright
> > licenses, this list of conditions and the following disclaimers.
> >
> > * Redistributions in binary form must reproduce the above copyright
> > licenses, this list of conditions and the following disclaimers in the
> > documentation and/or other materials provided with the distribution.
> >
> > Disclaimers:
> >
> > * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF
> > LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH
> > RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)
> > THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR
> > OTHERWISE. Contact TCG Administration
> > (admin@trustedcomputinggroup.org) for information on specification
> > licensing rights available through TCG membership agreements.
> >
> > * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED
> > WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR
> > FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR
> > NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY
> > OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
> >
> > * Without limitation, TCG and its members and licensors disclaim all
> > liability, including liability for infringement of any proprietary
> > rights, relating to use of information in this specification and to
> > the implementation of this specification, and TCG disclaims all
> > liability for cost of procurement of substitute goods or services,
> > lost profits, loss of use, loss of data or any incidental,
> > consequential, direct, indirect, or special damages, whether under
> > contract, tort, warranty or otherwise, arising in any way out of use
> > or reliance upon this specification or any information herein.
> >
> > Any marks and brands contained herein are the property of their
> > respective owners.
--
Soren Stoutner
soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.