Skip to content

cargo complains about both license and license-file being used. #11438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
bk2204 opened this issue Nov 29, 2022 · 3 comments
Closed

cargo complains about both license and license-file being used. #11438

bk2204 opened this issue Nov 29, 2022 · 3 comments
Labels
C-bug Category: bug

Comments

@bk2204
Copy link
Contributor

bk2204 commented Nov 29, 2022

Problem

Cargo complains about both license and license-file being provided. However, most open source licenses and most international copyright treaties (and hence, most nations' laws) require the preservation of copyright notices. It is useful to provide an SPDX license identifier to help automated systems discover and process the license, but providing a copy of the copyright and license notice is still mandatory. Hence, it is beneficial to provide both of these at the same time, and Cargo should not warn about them both being present.

Examples of licenses which require the preservation of copyright notices as a condition of the license grant include the MIT License, the Apache License version 2.0, and the GNU General Public License v2.

Steps

  1. Create a new cargo project.
  2. Modify Cargo.toml to contain both a license and license-file directive.
  3. Run cargo build.
  4. Note that Cargo says this:
warning: /home/bmc/checkouts/lawn/lawn-protocol/Cargo.toml: only one of `license` or `license-file` is necessary
`license` should be used if the package license can be expressed with a standard SPDX expression.
`license-file` should be used if the package uses a non-standard license.
See https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields for more information.

Possible Solution(s)

Cargo should not suggest that only one of license or license-file is needed, and it should not encourage violations of the license and the law by suggesting that the user not including a full copy of the copyright and license information. Cargo might instead suggest always including a license-file directive.

Notes

No response

Version

cargo 1.64.0 (387270bc7 2022-09-16)
release: 1.64.0
commit-hash: 387270bc7f446d17869c7f208207c73231d6a252
commit-date: 2022-09-16
host: x86_64-unknown-linux-gnu
libgit2: 1.4.2 (sys:0.14.2 vendored)
libcurl: 7.83.1-DEV (sys:0.4.55+curl-7.83.1 vendored ssl:OpenSSL/1.1.1q)
os: Debian n/a (bookworm) [64-bit]
@bk2204 bk2204 added the C-bug Category: bug label Nov 29, 2022
@ehuss
Copy link
Contributor

ehuss commented Nov 29, 2022

Thanks for the report! I'm going to close as a duplicate of #8537. #8537 (comment) describes our current position. A copy of the license can (and should) still be included in the package (which is the default behavior if include or exclude is not used). I realize that it is not entirely convenient to access that copyright text, but it can be extracted without too much effort. As described in that link, having both in Cargo.toml can lead to ambiguity, so there is more work needed to better support this issue.

@ehuss ehuss closed this as not planned Won't fix, can't repro, duplicate, stale Nov 29, 2022
@bk2204
Copy link
Contributor Author

bk2204 commented Nov 29, 2022

I would prefer this be reopened. I don't think it causes any ambiguity at all, since automated processes would use license and humans would use license-file, which are complementary, not contradictory. In my case, I use include to include a generated README (because my README in the repository is not Markdown), and so in this case the suggestion is still incorrect.

I'm not asking the Cargo maintainers to do the job of processing or collecting the license information here or deciding how to present it, which is what that comment suggests. I'm simply asking that you not advise people to engage in behaviour which violates the license and the law.

Pretty much nobody can legally just use license without also having a version of the license text included, and in my experience, it's very common for people to do that. Personally, I must distribute a verbatim copy of the copyright and license when I distribute Rust software at work, and I have had to manually extract licenses from major crates that we depend on because they are not included in the crate, mostly due to this issue. This is a giant, needless hassle and Cargo is incentivizing unhelpful behaviour here.

@JanBeh
Copy link

JanBeh commented Apr 28, 2023

I do see there is a real problem, but I think license-file isn't the best choice here. See #12053 for an alternative solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C-bug Category: bug
Projects
None yet
Development

No branches or pull requests

3 participants