Bug: adding 'version=2' makes license checks start failing.
eric-seppanen opened this issue · comments
Describe the bug
I upgraded my `deny.toml` to use `version = 2` in the `[licenses]` section.
After making that change, a new failure appears, due to the license string `"LGPL-2.1-or-later WITH GCC-exception-2.0"` in the `systemd` crate:
```
error[rejected]: failed to satisfy license requirements
  ┌─ systemd 0.10.0 (registry+https://github.com/rust-lang/crates.io-index):4:12
  │
4 │ license = "LGPL-2.1-or-later WITH GCC-exception-2.0"
  │            ^^^^^^^^^^^^^^^^^-----------------------
  │            │
  │            license expression retrieved via Cargo.toml `license`
  │            rejected: license was not explicitly allowed
  │
  = LGPL-2.1 - GNU Lesser General Public License v2.1 only:
  =   - **DEPRECATED**
  =   - OSI approved
  =   - FSF Free/Libre
  =   - Copyleft
  = systemd v0.10.0
    └── license-test v0.1.0
```
I have tried allowing `LGPL-2.1`, and that fails with the same message. I also tried `LGPL-2.1-or-later WITH GCC-exception-2.0`, `LGPL-2.1-or-later`, `LGPL-2.1+`, but those appear to be the wrong syntax.
I have read through #606 and #611, and I wasn't able to figure out why this behavior changed.
To reproduce
A small project that shows the problem:
deny.toml
```toml
[licenses]
# Uncomment to see the problem
#version = 2
# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
allow = [
    "MIT",
    "Unicode-DFS-2016",
    "Unlicense",
]
```
Cargo.toml
```toml
[package]
name = "license-test"
version = "0.1.0"
edition = "2021"
license = "MIT"

[dependencies]
systemd = "0.10.0"
```
cargo-deny version
cargo-deny 0.14.16
What OS were you running cargo-deny on?
Linux
Additional context
No response
I found a string that works: `LGPL-2.1-or-later WITH GCC-exception-2.0` -> `LGPL-2.1 WITH GCC-exception-2.0`, though I'm not sure if I was supposed to add `+` to reflect the `-or-later` part.
I'm still puzzled why the behavior changed when I added `version = 2`.
This is documented. As are the annoyances with GPLish licenses.
I have read that documentation, and I'm afraid I don't understand which part of the `version = 2` changes trigger different behavior with this license. Can you clarify?
Copyleft licenses are `warn` by default before setting `version = 2`
Thanks for the clarification. I was going back through my output when I figured out part of my problem: I was confused because license `warn`ings don't look the same as license `deny` errors.
My naive expectation is that a license warning and a license error would look similar, but one would fail the check and the other wouldn't.
A license warning says `warning[accepted]: license requirements satisfied` which I found (and still find) kind of misleading. It seems to be asserting something that's not true! The license requirements were not satisfied.
That was one of the issues that this deprecation is addressing.