The source code license here is surprisingly good; the "other parts of the specification" license is the problem. It's effectively discrimination by field of endeavor. I would make sure they're only including the source code + license documents and copyright notices.

On Tue, Jan 28, 2025, 07:57 Simon Josefsson <si...@josefsson.org> wrote:
> Hi
>
> I'm working on packaging https://github.com/google/go-tpm-tools/ which
> has a LICENSE file that claims:
>
>   A portion of the source code is derived from the TPM specification,
>   which has a TCG copyright. It is reproduced here for reference.
>
> The file has some other problem [1], so I'm not confident that this part
> is actually still a valid statement, but I reckon it is reasonable to
> assume so until some clarification is available.
>
> That begs the question, is the license below suitable for inclusion into
> Debian main? See verbatim quote below.
>
> /Simon
>
> [1] https://github.com/google/go-tpm-tools/issues/533
>
> Licenses and Notices
> Copyright Licenses:
>
> * Trusted Computing Group (TCG) grants to the user of the source code
>   in this specification (the "Source Code") a worldwide, irrevocable,
>   nonexclusive, royalty free, copyright license to reproduce, create
>   derivative works, distribute, display and perform the Source Code and
>   derivative works thereof, and to grant others the rights granted
>   herein.
>
> * The TCG grants to the user of the other parts of the specification
>   (other than the Source Code) the rights to reproduce, distribute,
>   display, and perform the specification solely for the purpose of
>   developing products based on such documents.
>
> Source Code Distribution Conditions:
>
> * Redistributions of Source Code must retain the above copyright
>   licenses, this list of conditions and the following disclaimers.
>
> * Redistributions in binary form must reproduce the above copyright
>   licenses, this list of conditions and the following disclaimers in the
>   documentation and/or other materials provided with the distribution.
>
> Disclaimers:
>
> * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF
>   LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH
>   RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)
>   THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR
>   OTHERWISE. Contact TCG Administration
>   (ad...@trustedcomputinggroup.org) for information on specification
>   licensing rights available through TCG membership agreements.
>
> * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED
>   WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR
>   FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR
>   NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY
>   OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
>
> * Without limitation, TCG and its members and licensors disclaim all
>   liability, including liability for infringement of any proprietary
>   rights, relating to use of information in this specification and to
>   the implementation of this specification, and TCG disclaims all
>   liability for cost of procurement of substitute goods or services,
>   lost profits, loss of use, loss of data or any incidental,
>   consequential, direct, indirect, or special damages, whether under
>   contract, tort, warranty or otherwise, arising in any way out of use
>   or reliance upon this specification or any information herein.
>
> Any marks and brands contained herein are the property of their
> respective owners.