So recent talk about licenses made me check my side project and I found something that is a bit disturbing to a non-lawyer.
My project is Apache-2.0 / MIT and uses actix-web (also Apache-2.0 / MIT). However, some way down the line there is dependency on actix-rt (Apache-2.0 / MIT) and then copyless. Seems like copyless is under MPL-2.0 (crates.io). According to this article this is not legal. So my questions are:
- Is this thinking correct?
- Can I just ensure license compatibility within my own Cargo.toml (i.e. my software's license is compatible with my deps' licenses) and ignore my dep's dep's dep's license?