Cargo:: only BSD/MIT, no GPL crates


#1

For commercial uses of Rust, is there a way to tell Cargo:

  • only use BSD/MIT crates
  • never use GPL crates

It is easy to check individual crates, but it’s not clear what dependencies the crates I use pulls in.


#2

You could use https://github.com/onur/cargo-license, you’d have to wrap it in a small script to check the output though.


#3

Here’s a small script:

Goes by white list, and reports all crates that don’t have a matching white listed license.


#4

@azriel91 , @steveklabnik : Excellent suggestions. Thanks!


#5

Gentoo has an ACCEPT_LICENSE allow-list (https://wiki.gentoo.org/wiki//etc/portage/make.conf#ACCEPT_LICENSE); it’d be neat for cargo to have something similar.


#6

For curiosity sake, would love to know the reason behind this move.


#7

I have a similar policy (although I think I’m currently using an LGPL based crate in one project that I need to replace). I do so because I don’t want to have to deal with the additional restrictions GPL adds. I have yet to actually distribute pre-compiled binaries for any project, but if I do then I don’t want that to force me to do anything. For libraries I then consider it from the point of view of someone using it in an application, and don’t want my choice of dependencies to cause the same issue for them.