On Tuesday, January 28, 2025 6:04:16 AM MST Daniel Hakimi wrote: > The source code license here is surprisingly good, the "other parts of the > specification" license is the problem. It's effectively discrimination by > field of endeavor. I would make sure they're only including the source code > + license documents and copyright notices.
I concur with that assessment. > On Tue, Jan 28, 2025, 07:57 Simon Josefsson <si...@josefsson.org> wrote: > > Hi > > > > I'm working on packaging https://github.com/google/go-tpm-tools/ which > > > > has a LICENSE file that claims: > > A portion of the source code is derived from the TPM specification, > > which has a TCG copyright. It is reproduced here for reference. > > > > The file has some other problem [1], so I'm not confident that this part > > is actually still a valid statement, but I reckon it is reasonable to > > assume so until some clarification is available. > > > > That begs the question, is the license below suitable for inclusion into > > Debian main? See verbatim quote below. > > > > /Simon > > > > [1] https://github.com/google/go-tpm-tools/issues/533 > > > > Licenses and Notices > > Copyright Licenses: > > > > * Trusted Computing Group (TCG) grants to the user of the source code > > in this specification (the "Source Code") a worldwide, irrevocable, > > nonexclusive, royalty free, copyright license to reproduce, create > > derivative works, distribute, display and perform the Source Code and > > derivative works thereof, and to grant others the rights granted > > herein. > > > > * The TCG grants to the user of the other parts of the specification > > (other than the Source Code) the rights to reproduce, distribute, > > display, and perform the specification solely for the purpose of > > developing products based on such documents. > > > > Source Code Distribution Conditions: > > > > * Redistributions of Source Code must retain the above copyright > > licenses, this list of conditions and the following disclaimers. > > > > * Redistributions in binary form must reproduce the above copyright > > licenses, this list of conditions and the following disclaimers in the > > documentation and/or other materials provided with the distribution. > > > > Disclaimers: > > > > * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF > > LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH > > RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) > > THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR > > OTHERWISE. Contact TCG Administration > > (ad...@trustedcomputinggroup.org) for information on specification > > licensing rights available through TCG membership agreements. > > > > * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED > > WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR > > FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR > > NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY > > OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. > > > > * Without limitation, TCG and its members and licensors disclaim all > > liability, including liability for infringement of any proprietary > > rights, relating to use of information in this specification and to > > the implementation of this specification, and TCG disclaims all > > liability for cost of procurement of substitute goods or services, > > lost profits, loss of use, loss of data or any incidental, > > consequential, direct, indirect, or special damages, whether under > > contract, tort, warranty or otherwise, arising in any way out of use > > or reliance upon this specification or any information herein. > > > > Any marks and brands contained herein are the property of their > > respective owners. -- Soren Stoutner so...@debian.org
signature.asc
Description: This is a digitally signed message part.
