Intel permission to use Intel confidential data in the Arch dependency
luisapace opened this issue · comments
Hi, my team would use Loggregator-release V102 and to approve that I've to verify all its licenses and those of its dependencies chain, analyzing their source code.
Now Loggregator-release V102 has Arch (at https://github.com/golang/arch) as dependency; Arch include a file at "arch/x86/x86avxgen/testdata/xedpath/all-dec-instructions.txt", that contains some pieces of code Intel Confidential, here below the Legal text of that code:
#BEGIN_LEGAL
#INTEL CONFIDENTIAL
#Copyright (c) 2017, Intel Corporation. All rights reserved.
#The source code contained or described herein and all documents
#related to the source code ("Material") are owned by Intel Corporation
#or its suppliers or licensors. Title to the Material remains with
#Intel Corporation or its suppliers and licensors. The Material
#contains trade secrets and proprietary and confidential information of
#Intel or its suppliers and licensors. The Material is protected by
#worldwide copyright and trade secret laws and treaty provisions. No
#part of the Material may be used, copied, reproduced, modified,
#published, uploaded, posted, transmitted, distributed, or disclosed in
#any way without Intel's prior express written permission.
#No license under any patent, copyright, trade secret or other
#intellectual property right is granted to or conferred upon you by
#disclosure or delivery of the Materials, either expressly, by
#implication, inducement, estoppel or otherwise. Any license under such
#intellectual property rights must be express and approved by Intel in
#writing.
#END_LEGAL
Based on that, to use Arch (that contain that Intel code) an Intel's prior express written permission it's needed, and if you have already obtained I can allow the use of Arch.
So, my question is: do you have obtained the permission to use that code coming from Arch?
Or do you know that it could not be needed for any reason that I don't imagine?
Thanks a lot for your support.
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/166062614
The labels on this github issue will be updated when the story is started.
Hi there,
Thanks for the heads up on this. Looking through the source code, I don't see any reference go golang/arch
. It's not in our src
directory and grep
isn't turning up anything either.
Would you mind linking to the dependency? Thanks!
Let me explain shortly how we get to that .
The all-dec-instructions.txt which contains the INTEL CONFIDENTIAL label comes from this chain:
-
loggregator references golang/go1.9.4.linux-amd64.tar.gz in blobs.yml
-
running the following commands you get the blob:
git clone https://github.com/cloudfoundry/loggregator-release
git checkout tags/v102.0
git submodule update --recursive --init
bosh sync-blobs -
un-tarring the go1.9.4.linux-amd64.tar.gz you get ./loggregator-release-v102.0/loggregator-release/blobs/golang/go1.9.4.linux-amd64/go/src/cmd/internal/objfile/disasm.go
-
in disasm.go there is the import "golang.org/x/arch/x86/x86asm"
-
cloning it with
git clone ssh://git@github.com/golang/arch
you obtain the sources that include ./x86/x86avxgen/testdata/xedpath/all-dec-instructions.txt
So the issue seems with arch package that is an external dependency of go1.9.4.linux-amd64 rather than loggregator code itself
Hello @mlicursi @luisapace
We've looked into this and discovered a couple of things. The library you found is only linked and distributed when built against ARM architecture. We're shipping source rather than binaries and we don't compile against ARM. As a result, we're not distributing any proprietary code.
@luisapace @mlicursi +1 to the statement from @MasslessParticle above.
We're not distributing any proprietary code, as we don't compile against ARM architecture either.