Dependency x509-certificate has copy-left MPL-2.0 license #20
Comments
One option would be to use x509-cert instead: https://docs.rs/x509-cert/0.2.5/x509_cert
MPL isn't viral, but I understand it's difficult to argue with company policy.
rustls exposes a pretty low level interface: https://docs.rs/rustls-pki-types/latest/rustls_pki_types/struct.AlgorithmIdentifier.html but could make sense creating another crate which understands
The MPL 2.0 FAQ:
AFAICT MPL 2.0 was specifically designed in a way that allows it to be used in proprietary software as a library.
This just came up in my automatic license check using cargo-deny and I wanted to raise awareness, because in my project and company this is a problem.
#14 brought in the crate x509-certificate, which has the copy-left MPL-2.0 license.
tokio-postgres-rustls is pretty fundamental infrastructure: when a project uses Postgres and Rust, the chances are good that this crate is used. Keeping the licenses permissive would allow it to be used in environments that ban the use of copy-left licenses.
Would this crate be open to exchanging that dependency?
In my naive view, rustls should have all the x509 infrastructure included, because rustls also needs certificate parsing. It would be great to work with the already existing dependencies. But I also read the docs and have not yet found how to get the required information.