Coldcard also built on many open source libraries (not just Trezor's) when they designed their product. For them to start whining about people building up their open source library is just pure hypocrisy.

The code is verifiable, not open source. Open source code is freely available to be used, built upon, modified, etc. Coldcard code is no longer open source.

Here's a post from the CEO of Passport about this: https://www.zherbert.com/an-open-letter-to-nvk-and-coldcard/