On 15/03/2022 14.33, Alexandru Elisei wrote:
Hi, Arm is planning to upstream tests that are being developed as part of the Confidential Compute Architecture [1]. Some of the tests target the attestation part of creating and managing a confidential compute VM, which requires the manipulation of messages in the Concise Binary Object Representation (CBOR) format [2]. I would like to ask if it would be acceptable from a license perspective to include the QCBOR library [3] into kvm-unit-tests, which will be used for encoding and decoding of CBOR messages. The library is licensed under the 3-Clause BSD license, which is compatible with GPLv2 [4]. Some of the files that were created inside Qualcomm before the library was open-sourced have a slightly modified 3-Clause BSD license, where a NON-INFRINGMENT clause is added to the disclaimer: "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** ARE DISCLAIMED" (emphasis by me on the added clause). The files in question include the core files that implement the encode/decode functionality, and thus would have to be included in kvm-unit-tests. I believe that the above modification does not affect the compatibility with GPLv2.
IANAL, but I think it should be ok to add those files to the kvm-unit-tests. With regards to the "non-infringement" extension, it seems to be the one mentioned here: https://enterprise.dejacode.com/licenses/public/bsd-x11/ ... and on the "license condition" tab they mention that it is compatible with the GPL. On gnu.org, they list e.g. the https://www.gnu.org/licenses/license-list.html#X11License which also contains a "non-infringement" statement, so that should really be compatible.
Thomas
