Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separate license check for [dev-dependencies] vs [dependencies] #413

Closed
hrydgard opened this issue Apr 5, 2022 · 1 comment · Fixed by #557
Closed

Separate license check for [dev-dependencies] vs [dependencies] #413

hrydgard opened this issue Apr 5, 2022 · 1 comment · Fixed by #557
Labels
enhancement New feature or request

Comments

@hrydgard
Copy link
Contributor

hrydgard commented Apr 5, 2022

Sometimes, it might be interesting to use libraries with release-incompatible licenses in [dev-dependencies]. One example would be dssim, which is licensed under AGPL, and can be useful for comparing graphical output to a reference image while tolerating minor visually-invisible differences. In this case, its license doesn't need to be considered for the final binary release since neither the code nor any of its output will be included in it.

In deny.toml, the interface for this could be to simply have an additional allow-dev section. Like below:

[licenses]
...
allow = ["MIT", "Apache-2.0", "zlib"]
dev-allow = ["GPL", "AGPL"]

dev-allow would implicitly include everything from allow, since I can't really imagine a case where a library would not be OK to use for local tests, but OK in a final binary.
@hrydgard hrydgard added the enhancement New feature or request label Apr 5, 2022
@kazuk
Copy link

kazuk commented May 18, 2022

I wish to add build-allow for [build-dependencies]

@DJMcNab DJMcNab mentioned this issue Jul 16, 2022
Closed
@Jake-Shadle Jake-Shadle mentioned this issue Sep 3, 2023
Merged
@Porkepix Porkepix mentioned this issue Sep 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for ignoring dev dependencies EmbarkStudios/cargo-deny
2 participants
@hrydgard @kazuk