cargo complains about both license and license-file being used.

[bk2204]

Problem

Cargo complains about both license and license-file being provided. However, most open source licenses and most international copyright treaties (and hence, most nations' laws) require the preservation of copyright notices. It is useful to provide an SPDX license identifier to help automated systems discover and process the license, but providing a copy of the copyright and license notice is still mandatory. Hence, it is beneficial to provide both of these at the same time, and Cargo should not warn about them both being present.

Examples of licenses which require the preservation of copyright notices as a condition of the license grant include the MIT License, the Apache License version 2.0, and the GNU General Public License v2.

Steps

1. Create a new cargo project.
2. Modify Cargo.toml to contain both a license and license-file directive.
3. Run cargo build.
4. Note that Cargo says this:

warning: /home/bmc/checkouts/lawn/lawn-protocol/Cargo.toml: only one of `license` or `license-file` is necessary
`license` should be used if the package license can be expressed with a standard SPDX expression.
`license-file` should be used if the package uses a non-standard license.
See https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields for more information.

Possible Solution(s)

Cargo should not suggest that only one of license or license-file is needed, and it should not encourage violations of the license and the law by suggesting that the user not including a full copy of the copyright and license information. Cargo might instead suggest always including a license-file directive.

Notes

No response

Version

cargo 1.64.0 (387270bc7 2022-09-16)
release: 1.64.0
commit-hash: 387270bc7f446d17869c7f208207c73231d6a252
commit-date: 2022-09-16
host: x86_64-unknown-linux-gnu
libgit2: 1.4.2 (sys:0.14.2 vendored)
libcurl: 7.83.1-DEV (sys:0.4.55+curl-7.83.1 vendored ssl:OpenSSL/1.1.1q)
os: Debian n/a (bookworm) [64-bit]

[ehuss]

Thanks for the report! I'm going to close as a duplicate of #8537. #8537 (comment) describes our current position. A copy of the license can (and should) still be included in the package (which is the default behavior if include or exclude is not used). I realize that it is not entirely convenient to access that copyright text, but it can be extracted without too much effort. As described in that link, having both in Cargo.toml can lead to ambiguity, so there is more work needed to better support this issue.

[bk2204]

I would prefer this be reopened. I don't think it causes any ambiguity at all, since automated processes would use license and humans would use license-file, which are complementary, not contradictory. In my case, I use include to include a generated README (because my README in the repository is not Markdown), and so in this case the suggestion is still incorrect.

I'm not asking the Cargo maintainers to do the job of processing or collecting the license information here or deciding how to present it, which is what that comment suggests. I'm simply asking that you not advise people to engage in behaviour which violates the license and the law.

Pretty much nobody can legally just use license without also having a version of the license text included, and in my experience, it's very common for people to do that. Personally, I must distribute a verbatim copy of the copyright and license when I distribute Rust software at work, and I have had to manually extract licenses from major crates that we depend on because they are not included in the crate, mostly due to this issue. This is a giant, needless hassle and Cargo is incentivizing unhelpful behaviour here.

[JanBeh]

I do see there is a real problem, but I think license-file isn't the best choice here. See #12053 for an alternative solution.