Bug: unable to allow intel/ittapi

Question

Bug: unable to allow intel/ittapi

dignifiedquire opened this issue 2 months ago · comments

Friedel Ziegelmayer commented 2 months ago

Describe the bug

I am allowing BSD 3 Clause licenses in my project, but I have been unable to build a configuration that clarifies the license for https://github.com/intel/ittapi/ in a way that cargo deny accepts

To reproduce

Add https://github.com/intel/ittapi/ to the project and run cargo deny

cargo-deny version

0.14.20

What OS were you running cargo-deny on?

MacOS

Additional context

No response

Jake Shadle · Answer 1 · Wed Apr 24 2024 14:16:07 GMT+0800 (China Standard Time)

ittapi and ittapi-sys clearly state their license in the package manifest https://github.com/intel/ittapi/blob/e20cd6099cb9c5afee0a285781c5cc1d32412f3e/rust/ittapi/Cargo.toml#L10 so I'm not sure why a clarification is desired?

Friedel Ziegelmayer · Answer 2 · Wed Apr 24 2024 15:42:05 GMT+0800 (China Standard Time)

because cargo deny rejects it, even though I allowe Bsd

Jake Shadle · Answer 3 · Wed Apr 24 2024 16:47:48 GMT+0800 (China Standard Time)

Can you please show the exact error?

Friedel Ziegelmayer · Answer 4 · Wed Apr 24 2024 17:14:08 GMT+0800 (China Standard Time)

❯ cargo deny check
warning[accepted]: license requirements satisfied
  ┌─ registry+https://github.com/rust-lang/crates.io-index#ittapi@0.4.0:4:12
  │
4 │ license = "GPL-2.0-only OR BSD-3-Clause"
  │            ---------------------------- license expression retrieved via Cargo.toml `license`
  │
  = ittapi v0.4.0
    └── wasmtime v19.0.2
        ├── iroh-fog v0.1.0
        ├── wasi-common v19.0.2
        │   └── <source crate> v0.1.0 (*)
        ├── wasmtime-wasi v19.0.2
        │   └── <source crate> v0.1.0 (*)
        └── wiggle v19.0.2
            ├── wasi-common v19.0.2 (*)
            └── wasmtime-wasi v19.0.2 (*)

Jake Shadle · Answer 5 · Wed Apr 24 2024 17:24:15 GMT+0800 (China Standard Time)

That's not an error, it's telling you that the license requirements were satisfied. The reason it is a warning is because you have either copyleft = 'warn' or default = 'warn' in your config.

Friedel Ziegelmayer · Answer 6 · Wed Apr 24 2024 17:59:21 GMT+0800 (China Standard Time)

Is that enabled by default? this is my current license config

[licenses]
allow = [
      "Apache-2.0",
      "Apache-2.0 WITH LLVM-exception",
      "BSD-2-Clause",
      "BSD-3-Clause",
      "BSL-1.0", # BOSL license
      "ISC",
      "MIT",
      "Unicode-DFS-2016",
      "Zlib",
      "OpenSSL",
      "MPL-2.0", # https://fossa.com/blog/open-source-software-licenses-101-mozilla-public-license-2-0/
      "CC0-1.0",
]
clarify = [
    { name = "ring", expression = "OpenSSL", license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }] },
]

Jake Shadle · Answer 7 · Wed Apr 24 2024 18:15:30 GMT+0800 (China Standard Time)

They are enabled by default, use version = 2 to opt-in to the future breaking change that removes copyleft/default. https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-version-field-optional

Friedel Ziegelmayer · Answer 8 · Wed Apr 24 2024 18:25:52 GMT+0800 (China Standard Time)

I see, thanks for the clarifications!