• License review: Trusted Computing Group

    From Simon Josefsson@21:1/5 to All on Tue Jan 28 14:00:01 2025
    Hi

    I'm working on packaging https://github.com/google/go-tpm-tools/ which
    has a LICENSE file that claims:

    A portion of the source code is derived from the TPM specification,
    which has a TCG copyright. It is reproduced here for reference.

    The file has some other problem [1], so I'm not confident that this part
    is actually still a valid statement, but I reckon it is reasonable to
    assume so until some clarification is available.

    That begs the question, is the license below suitable for inclusion into
    Debian main? See verbatim quote below.

    /Simon

    [1] https://github.com/google/go-tpm-tools/issues/533

    Licenses and Notices
    Copyright Licenses:

    * Trusted Computing Group (TCG) grants to the user of the source code
    in this specification (the "Source Code") a worldwide, irrevocable,
    nonexclusive, royalty free, copyright license to reproduce, create
    derivative works, distribute, display and perform the Source Code and
    derivative works thereof, and to grant others the rights granted
    herein.

    * The TCG grants to the user of the other parts of the specification
    (other than the Source Code) the rights to reproduce, distribute,
    display, and perform the specification solely for the purpose of
    developing products based on such documents.

    Source Code Distribution Conditions:

    * Redistributions of Source Code must retain the above copyright
    licenses, this list of conditions and the following disclaimers.

    * Redistributions in binary form must reproduce the above copyright
    licenses, this list of conditions and the following disclaimers in the
    documentation and/or other materials provided with the distribution.

    Disclaimers:

    * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF
    LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH
    RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)
    THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR
    OTHERWISE. Contact TCG Administration
    ([email protected]) for information on specification
    licensing rights available through TCG membership agreements.

    * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED
    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR
    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR
    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY
    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.

    * Without limitation, TCG and its members and licensors disclaim all
    liability, including liability for infringement of any proprietary
    rights, relating to use of information in this specification and to
    the implementation of this specification, and TCG disclaims all
    liability for cost of procurement of substitute goods or services,
    lost profits, loss of use, loss of data or any incidental,
    consequential, direct, indirect, or special damages, whether under
    contract, tort, warranty or otherwise, arising in any way out of use
    or reliance upon this specification or any information herein.

    Any marks and brands contained herein are the property of their
    respective owners.

  • From Soren Stoutner@21:1/5 to All on Tue Jan 28 10:52:38 2025
    On Tuesday, January 28, 2025 6:04:16 AM MST Daniel Hakimi wrote:
    > The source code license here is surprisingly good, the "other parts of the
    > specification" license is the problem. It's effectively discrimination by
    > field of endeavor. I would make sure they're only including the source code
    > + license documents and copyright notices.

    I concur with that assessment.

    --
    Soren Stoutner
    [email protected]
