gpu-alloc icon indicating copy to clipboard operation
gpu-alloc copied to clipboard

Published 20 hours ago verified publisher icon zakarumych

LICENSE files in package subdirs

Open schwa423 opened this issue 2 years ago • 3 comments

Background:

Hello, the Fuchsia project vendors crates from crates.io, and in order to do so we require explicit license files alongside the source code. Here is the policy: https://fuchsia.dev/fuchsia-src/contribute/governance/policy/open-source-licensing-policies?hl=en#licenses_and_tracking . In particular, reading the SPDX package/license field from the crate's Cargo.toml is not good enough.

Request:

Could you please add LICENSE-* files to the package subdirectories, specifically gpu-alloc and types (although you might as well do it for all package dirs that are uploaded to crates.io)?

We are currently using gpu-alloc 0.5.3 and gpu-alloc-types 0.2.0. Since crates.io doesn't allow re-uploading the same version with a modified crate, it seems the right thing to do is to upload new crates with versions 0.5.4 and 0.2.1 respectively.

I'd appreciate if you're able to do this, since I have to file similar issues for many other crate dependencies. But if you don't have the bandwidth to address this issue, please let me know and I'll find time to submit a pull request (although of course I won't be able to upload anything to crates.io)

schwa423 avatar Mar 28 '22 19:03 schwa423

Hello.

What do you specifically mean by "crate doesn't have a LICENSE (or LICENSE-APACHE, etc.) file"? Do you refer to license-file field in Cargo.toml? If so, wouldn't it be better to reference existing license files there? Otherwise, please, explain how license files in each crate directory would help.

zakarumych avatar Mar 28 '22 19:03 zakarumych

Hi, thanks for the quick response. No, I don't mean the field in Cargo.toml; I mean a separate file (e.g. LICENSE-MIT) that is uploaded with the rest of the crate files to crates.io. For example, consider: https://github.com/RustCrypto/signatures/tree/master/ecdsa ... the LICENSE-APACHE and LICENSE-MIT files were added so that they appear in crates.io, even though copies of those files also exist in the repository root directory.

The reason for this request is that we currently only have legal sign-off for LICENSE-* files, not to read the license out of Cargo.toml metadata. It might seem silly to you and me, but that's the current state of things.

schwa423 avatar Mar 28 '22 19:03 schwa423

I modified the issue description to contain a link to our licensing policy.

schwa423 avatar Mar 29 '22 16:03 schwa423