Handle GNU shenanigans correctly

[pikajude]

Here's my deny.toml:

[licenses]
deny = ["GPL-1.0-or-later"]

and Cargo.toml:

[package]
name = "cargo-deny-test"
version = "0.1.0"
edition = "2018"
license = "GPL-1.0"

I would expect cargo deny to reject this crate. However:

warning: license requirements satisfied

   ┌── cargo-deny-test 0.1.0 (path+file:///Users/judetaylor/.code/cargo-deny-test):4:12 ───
   │
 4 │ license = "GPL-1.0"
   │            ^^^^^^^ license expression retrieved via Cargo.toml `license`
   ·
 4 │ license = "GPL-1.0"
   │            ------- accepted: license is considered copyleft
   │
   = cargo-deny-test v0.1.0

Is this intended? Are these two GPL licenses actually considered distinct?

[Jake-Shadle]

Ahh ok, looks like I actually need to get around to this TODO.

If you're concerned about copyleft licenses, you can also deny all of them, and if you want to be more granular, specifying 1 or more copyleft licenses as allow will allow only those specific ones, before it does the copyleft check.

[pikajude]

Okay, tyvm for the response!

[Jake-Shadle]

So to clarify, what you tried to do in your example would still not work, however, it would work if you swapped GPL-1.0-or-later with GPL-1.0 as GNU style licenses are now handled the same as all the other licenses, namely, it is the license holder's decision to say if their code can be licensed with a specific version eg. GPL-2.0-only or that version and all future versions GPL-2.0-or-later, and you as the licensee then say if you wish to license under eg. GPL-2.0 or GPL-3.0.

Hope this is clear, but I will update the README about these weird GNU licenses in a separate issue.