You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cargo complains about both license and license-file being provided. However, most open source licenses and most international copyright treaties (and hence, most nations' laws) require the preservation of copyright notices. It is useful to provide an SPDX license identifier to help automated systems discover and process the license, but providing a copy of the copyright and license notice is still mandatory. Hence, it is beneficial to provide both of these at the same time, and Cargo should not warn about them both being present.
Examples of licenses which require the preservation of copyright notices as a condition of the license grant include the MIT License, the Apache License version 2.0, and the GNU General Public License v2.
Steps
Create a new cargo project.
Modify Cargo.toml to contain both a license and license-file directive.
Run cargo build.
Note that Cargo says this:
warning: /home/bmc/checkouts/lawn/lawn-protocol/Cargo.toml: only one of `license` or `license-file` is necessary
`license` should be used if the package license can be expressed with a standard SPDX expression.
`license-file` should be used if the package uses a non-standard license.
See https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields for more information.
Possible Solution(s)
Cargo should not suggest that only one of license or license-file is needed, and it should not encourage violations of the license and the law by suggesting that the user not including a full copy of the copyright and license information. Cargo might instead suggest always including a license-file directive.
Thanks for the report! I'm going to close as a duplicate of #8537. #8537 (comment) describes our current position. A copy of the license can (and should) still be included in the package (which is the default behavior if include or exclude is not used). I realize that it is not entirely convenient to access that copyright text, but it can be extracted without too much effort. As described in that link, having both in Cargo.toml can lead to ambiguity, so there is more work needed to better support this issue.
I would prefer this be reopened. I don't think it causes any ambiguity at all, since automated processes would use license and humans would use license-file, which are complementary, not contradictory. In my case, I use include to include a generated README (because my README in the repository is not Markdown), and so in this case the suggestion is still incorrect.
I'm not asking the Cargo maintainers to do the job of processing or collecting the license information here or deciding how to present it, which is what that comment suggests. I'm simply asking that you not advise people to engage in behaviour which violates the license and the law.
Pretty much nobody can legally just use license without also having a version of the license text included, and in my experience, it's very common for people to do that. Personally, I must distribute a verbatim copy of the copyright and license when I distribute Rust software at work, and I have had to manually extract licenses from major crates that we depend on because they are not included in the crate, mostly due to this issue. This is a giant, needless hassle and Cargo is incentivizing unhelpful behaviour here.
Uh oh!
There was an error while loading. Please reload this page.
Problem
Cargo complains about both
license
andlicense-file
being provided. However, most open source licenses and most international copyright treaties (and hence, most nations' laws) require the preservation of copyright notices. It is useful to provide an SPDX license identifier to help automated systems discover and process the license, but providing a copy of the copyright and license notice is still mandatory. Hence, it is beneficial to provide both of these at the same time, and Cargo should not warn about them both being present.Examples of licenses which require the preservation of copyright notices as a condition of the license grant include the MIT License, the Apache License version 2.0, and the GNU General Public License v2.
Steps
Cargo.toml
to contain both alicense
andlicense-file
directive.cargo build
.Possible Solution(s)
Cargo should not suggest that only one of
license
orlicense-file
is needed, and it should not encourage violations of the license and the law by suggesting that the user not including a full copy of the copyright and license information. Cargo might instead suggest always including alicense-file
directive.Notes
No response
Version
The text was updated successfully, but these errors were encountered: