Cargo:: only BSD/MIT, no GPL crates

For commercial uses of Rust, is there a way to tell Cargo:

  • only use BSD/MIT crates
  • never use GPL crates

It is easy to check individual crates, but it's not clear what dependencies the crates I use pulls in.

3 Likes

You could use https://github.com/onur/cargo-license, you’d have to wrap it in a small script to check the output though.

6 Likes

Here's a small script:
https://gist.github.com/azriel91/3bc29b4c131e5734652b51ac2f045865

Goes by white list, and reports all crates that don't have a matching white listed license.

6 Likes

@azriel91 , @steveklabnik : Excellent suggestions. Thanks!

Gentoo has an ACCEPT_LICENSE allow-list (/etc/portage/make.conf - Gentoo Wiki); it'd be neat for cargo to have something similar.

For curiosity sake, would love to know the reason behind this move.

I have a similar policy (although I think I'm currently using an LGPL based crate in one project that I need to replace). I do so because I don't want to have to deal with the additional restrictions GPL adds. I have yet to actually distribute pre-compiled binaries for any project, but if I do then I don't want that to force me to do anything. For libraries I then consider it from the point of view of someone using it in an application, and don't want my choice of dependencies to cause the same issue for them.

1 Like