You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I depend on a rust library called mbedtls, and I get the following error:
error[unlicensed]: mbedtls = 0.8.1 is unlicensed
┌─ mbedtls 0.8.1 (git+https://github.com/mobilecoinfoundation/rust-mbedtls.git?rev=98d3af413c1e23ea89cc5f41ab4dddb1944405af#98d3af413c1e23ea89cc5f41ab4dddb1944405af):2:9
│
2 │ name = "mbedtls"
│ ^^^^^^^ a valid license expression could not be retrieved for the crate
3 │ version = "0.8.1"
4 │ license = "Apache-2.0 OR GPL-2.0+"
│ - a GNU license was followed by a `+`
│
Describe the solution you'd like
It would be cool if one of the following two things would happen:
GPL-2.0+ were interpreted as GPL-2.0-or-later by cargo deny
When an OR expression occurs in the license, if the one side is known and valid, it doesn't matter if the other side is. This would help me because Apache-2.0 is in my allowed list. (I realize it might be complicated to implement though)
Now that I read more about this, maybe this isn't compatible with SPDX spec? I am not sure
Describe alternatives you've considered
Adding a clarify field or some kind of exception for the mbedtls crate in my case
AFAIK I can't clarify the license when the string can't be parsed like this. (This feature proposal would allow me to add an exception for mbedtls being "unlicensed": #451)
Possibly, filing an issue upstream with mbedtls to see if they will change how they spell this.
Additional context
None, thanks for making cargo-deny
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
I depend on a rust library called
mbedtls
, and I get the following error:Describe the solution you'd like
It would be cool if one of the following two things would happen:
GPL-2.0+
were interpreted asGPL-2.0-or-later
by cargo denyNow that I read more about this, maybe this isn't compatible with SPDX spec? I am not sure
Describe alternatives you've considered
Adding a clarify field or some kind of exception for the
mbedtls
crate in my caseAFAIK I can't clarify the license when the string can't be parsed like this. (This feature proposal would allow me to add an exception for mbedtls being "unlicensed": #451)
Possibly, filing an issue upstream with mbedtls to see if they will change how they spell this.
Additional context
None, thanks for making cargo-deny
The text was updated successfully, but these errors were encountered: