Add version = 2 #611
Merged
Add version = 2 #611
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I don't like that to fix bugs, features are being removed. Maybe this could help someone: To check if a license is osi or fsf-free, check the SPDX License List: https://spdx.org/licenses/ To check if a license is copyleft you can search for the "same license" column here: https://choosealicense.com/appendix/ |
|
I'll add this metadata to the output when a license has not been explicitly allowed, but the features that are being removed are just not useful and confusing to users. |
Jake-Shadle
added a commit
that referenced
this pull request
Feb 28, 2024
With the new changes coming once #611 deprecations have been fully removed, licenses will be rejected unless explicitly allowed. To help users, rejected licenses will now have notes printed with the SPDX short id, the full license name, and metadata for the license, eg. ``` = OpenSSL - OpenSSL License: = - FSF Free/Libre = GPL-3.0 - GNU General Public License v3.0 only: = - **DEPRECATED** = - OSI approved = - FSF Free/Libre = - Copyleft ``` Additionally, the diagnostic for rejected expressions now only includes the span information for rejected licenses, unless the log level is set to info or higher via `-L info`. Old: ``` error[rejected]: failed to satisfy license requirements ┌─ /home/jake/code/cargo-deny/deny.toml:71:15 │ 71 │ expression = "ISC AND MIT AND OpenSSL" │ ^^^-----^^^-----^^^^^^^ │ │ │ │ │ │ │ rejected: license was not explicitly allowed │ │ accepted: license is explicitly allowed │ license expression retrieved via user override │ accepted: license is explicitly allowed │ ``` New: ``` error[rejected]: failed to satisfy license requirements ┌─ /home/jake/code/cargo-deny/deny.toml:71:31 │ 71 │ expression = "ISC AND MIT AND OpenSSL" │ ----------------^^^^^^^ │ │ │ │ │ rejected: license was not explicitly allowed │ license expression retrieved via user override │ ```
github-merge-queue bot
pushed a commit
to bevyengine/bevy
that referenced
this pull request
Mar 1, 2024
# Objective Cargo-deny has being updated and now some keys are being deprecated. Fix these warnings: <details> ```rs warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:6:1 │ 6 │ vulnerability = "deny" │ ^^^^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:7:1 │ 7 │ unmaintained = "deny" │ ^^^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:9:1 │ 9 │ notice = "deny" │ ^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:13:1 │ 13 │ unlicensed = "deny" │ ^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:14:1 │ 14 │ copyleft = "deny" │ ^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:15:1 │ 15 │ default = "deny" │ ^^^^^^^ warning[deprecated]: this key has been moved to [graph] ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:1:1 │ 1 │ all-features = true │ ^^^^^^^^^^^^ ``` </details> This also fix ci by temporarily skipping the check for cpal dependencies. #11917 (comment) ## Solution - Remove keys deprecated. - Update the list of licenses allowed. (All these licenses are already being use for some dependencies) - Skip cpal dependencies to avoid falining in CI, while we wait for new releases #11917 (comment)
Cargo deny warns me that the configuration field will be removed. If I understand correctly that it will have no option to only warn when encountering unmaintained crates, it seems a bit aggresive, to me. For context, I am collaborating on a project that depends on librespot, which while in development, has not seen a release in 2 years and thus depends on several unmaintained crates. |
1 task
QuantumDancer
added a commit
to QuantumDancer/AUDITOR
that referenced
this pull request
Mar 7, 2024
This commit removes all deprecated config options, see EmbarkStudios/cargo-deny#611 for details. It also moves the `targets` option into the `[graph]` section.
QuantumDancer
added a commit
to QuantumDancer/AUDITOR
that referenced
this pull request
Mar 7, 2024
This commit removes all deprecated config options, see EmbarkStudios/cargo-deny#611 for details. It also moves the `targets` option into the `[graph]` section.
QuantumDancer
added a commit
to QuantumDancer/AUDITOR
that referenced
this pull request
Mar 7, 2024
This commit removes all deprecated config options and sets the new version of the `[advisories]` and `[licenses]` sections explicitly, see EmbarkStudios/cargo-deny#611 for details. It also moves the `targets` option into the `[graph]` section.
spectria-limina
pushed a commit
to spectria-limina/bevy
that referenced
this pull request
Mar 9, 2024
# Objective Cargo-deny has being updated and now some keys are being deprecated. Fix these warnings: <details> ```rs warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:6:1 │ 6 │ vulnerability = "deny" │ ^^^^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:7:1 │ 7 │ unmaintained = "deny" │ ^^^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:9:1 │ 9 │ notice = "deny" │ ^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:13:1 │ 13 │ unlicensed = "deny" │ ^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:14:1 │ 14 │ copyleft = "deny" │ ^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:15:1 │ 15 │ default = "deny" │ ^^^^^^^ warning[deprecated]: this key has been moved to [graph] ┌─ /Users/ameknite/code/rust/repos/bevy/deny.toml:1:1 │ 1 │ all-features = true │ ^^^^^^^^^^^^ ``` </details> This also fix ci by temporarily skipping the check for cpal dependencies. bevyengine#11917 (comment) ## Solution - Remove keys deprecated. - Update the list of licenses allowed. (All these licenses are already being use for some dependencies) - Skip cpal dependencies to avoid falining in CI, while we wait for new releases bevyengine#11917 (comment)
QuantumDancer
added a commit
to QuantumDancer/AUDITOR
that referenced
this pull request
Mar 11, 2024
This commit removes all deprecated config options and sets the new version of the `[advisories]` and `[licenses]` sections explicitly, see EmbarkStudios/cargo-deny#611 for details. It also moves the `targets` option into the `[graph]` section.
QuantumDancer
added a commit
to ALU-Schumacher/AUDITOR
that referenced
this pull request
Mar 11, 2024
This commit removes all deprecated config options and sets the new version of the `[advisories]` and `[licenses]` sections explicitly, see EmbarkStudios/cargo-deny#611 for details. It also moves the `targets` option into the `[graph]` section.
xv-ian-c
added a commit
to expressvpn/wolfssl-rs
that referenced
this pull request
Mar 12, 2024
Several fields were deprecated and causing warnings, out settings match the new default behaviour anyway. See EmbarkStudios/cargo-deny#611 for more.
nicolasavru
added a commit
to wayland-transpositor/wprs
that referenced
this pull request
Mar 20, 2024
See EmbarkStudios/cargo-deny#611 for details.
tahaafzal5
added a commit
to tahaafzal5/zero2prod
that referenced
this pull request
Aug 11, 2024
EmbarkStudios/cargo-deny#611 Since version 2 of `cargo deny`, all `unmaintained` now emit errors. To ignore a specific advisory, we add it to the `ignore` field.
jcsp
pushed a commit
to neondatabase/neon
that referenced
this pull request
Aug 12, 2024
## Problem - Rust 1.80.1 has been released: https://blog.rust-lang.org/2024/08/08/Rust-1.80.1.html - Python 3.9.19 has been released: https://www.python.org/downloads/release/python-3919/ - Mold 2.33.0 has been released: https://github.com/rui314/mold/releases/tag/v2.33.0 - Unpinned `cargo-deny` in `build-tools` got updated to the latest version and doesn't work anymore with the current config file ## Summary of changes - Bump Rust to 1.80.1 - Bump Python to 3.9.19 - Bump Mold to 2.33.0 - Pin `cargo-deny`, `cargo-hack`, `cargo-hakari`, `cargo-nextest`, `rustfilt` versions - Update `deny.toml` to the latest format, see EmbarkStudios/cargo-deny#611
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 13, 2024
There have been a lot of changes in the deny configuration format. We used v1 and v2 brings in many changes. We should be able to just add the missing licenses to the deny.toml and keep the new default values like documented here: EmbarkStudios/cargo-deny#611
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 13, 2024
There have been a lot of changes in the deny configuration format. We used v1 and v2 brings in many changes. We should be able to just add the missing licenses to the deny.toml and keep the new default values like documented here: EmbarkStudios/cargo-deny#611 Signed-off-by: Nico Steinle <[email protected]>
afrittoli
pushed a commit
to cdevents/sdk-rust
that referenced
this pull request
Aug 14, 2024
see: [Add version = 2 by Jake-Shadle · Pull Request #611 · EmbarkStudios/cargo-deny](EmbarkStudios/cargo-deny#611) previously ``` warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /mnt/nvme0n1p1/david/src/github.com/cdevents/sdk-rust/tools/cargo-deny/deny.toml:22:1 │ 22 │ vulnerability = "deny" │ ^^^^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /mnt/nvme0n1p1/david/src/github.com/cdevents/sdk-rust/tools/cargo-deny/deny.toml:21:1 │ 21 │ unmaintained = "deny" │ ^^^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /mnt/nvme0n1p1/david/src/github.com/cdevents/sdk-rust/tools/cargo-deny/deny.toml:9:1 │ 9 │ unlicensed = "deny" │ ^^^^^^^^^^ warning[deprecated]: this key will be removed in a future update, see EmbarkStudios/cargo-deny#611 for details ┌─ /mnt/nvme0n1p1/david/src/github.com/cdevents/sdk-rust/tools/cargo-deny/deny.toml:10:1 │ 10 │ copyleft = "deny" │ ^^^^^^^^ warning[license-not-encountered]: license was not encountered ┌─ /mnt/nvme0n1p1/david/src/github.com/cdevents/sdk-rust/tools/cargo-deny/deny.toml:12:32 │ 12 │ allow = ["Apache-2.0", "MIT", "BSD-2-Clause", "Unicode-DFS-2016"] │ ^^^^^^^^^^^^ unmatched license allowance advisories ok, licenses ok ``` Signed-off-by: David Bernard <[email protected]>
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 14, 2024
Since we decided to update the current deny.toml instead of using the current template I looked up where the template came from to check what changed from the time the deny.toml got introduced. The deny.toml got created by commit: 1aae75b on: Fri Dec 4 14:27:08 2020 +0100 When looking for the last change in the deny.toml template in the repo (https://github.com/EmbarkStudios/cargo-deny) ({repo_url}/commits/main/deny.template.toml) The last commit should be: 98946c8732f09f4e1cce3eae766d248d3afa7ef4 on: Nov 9, 2020 > This is a follow up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior EmbarkStudios/cargo-deny#611 New default behavior for removed fields: - unlicensed = "deny" New default: deny - copyleft = "deny" New default: deny - allow-osi-fsf-free = "either" New default: neither > it doesn't matter if the license is osi and/or fsf free, only if it is in the allow (or exception) list.
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 14, 2024
Since we decided to update the current `deny.toml` instead of using the template, I looked up where the template originated to check what had changed since the `deny.toml` was introduced. The `deny.toml` was created by commit: 1aae75b on: Fri Dec 4 14:27:08 2020 +0100 When looking for the last change in the `deny.toml` template in the repo (https://github.com/EmbarkStudios/cargo-deny) ({repo_url}/commits/main/deny.template.toml) The last commit was: 98946c8732f09f4e1cce3eae766d248d3afa7ef4 on: Nov 9, 2020 The following comment describes the new default behavior in detail: EmbarkStudios/cargo-deny#611 > This is a follow-up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior. New default behavior for removed fields: - `unlicensed = "deny"` New default: `deny` - `copyleft = "deny"` New default: `deny` - `allow-osi-fsf-free = "either"` New default: `neither` > It doesn't matter if the license is OSI and/or FSF free, only if it is in the allow (or exception) list.
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 14, 2024
Since we decided to update the current `deny.toml` instead of using the template, I looked up where the template originated to check what had changed since the `deny.toml` was introduced. The `deny.toml` was created by commit: 1aae75b on: Fri Dec 4 14:27:08 2020 +0100 When looking for the last change in the `deny.toml` template in the repo (https://github.com/EmbarkStudios/cargo-deny) ({repo_url}/commits/main/deny.template.toml) The last commit was: 98946c8732f09f4e1cce3eae766d248d3afa7ef4 on: Nov 9, 2020 The following comment describes the new default behavior in detail: EmbarkStudios/cargo-deny#611 > This is a follow-up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior. New default behavior for removed fields: - `unlicensed = "deny"` New default: `deny` - `copyleft = "deny"` New default: `deny` - `allow-osi-fsf-free = "either"` New default: `neither` > It doesn't matter if the license is OSI and/or FSF free, only if it is in the allow (or exception) list.
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 14, 2024
Since we decided to update the current `deny.toml` instead of using the template, I looked up where the template originated to check what had changed since the `deny.toml` was introduced. The `deny.toml` was created by commit: 1aae75b on: Fri Dec 4 14:27:08 2020 +0100 When looking for the last change in the `deny.toml` template in the repo (https://github.com/EmbarkStudios/cargo-deny) ({repo_url}/commits/main/deny.template.toml) The last commit was: 98946c8732f09f4e1cce3eae766d248d3afa7ef4 on: Nov 9, 2020 The following comment describes the new default behavior in detail: EmbarkStudios/cargo-deny#611 > This is a follow-up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior. New default behavior for removed fields: - `unlicensed = "deny"` New default: `deny` - `copyleft = "deny"` New default: `deny` - `allow-osi-fsf-free = "either"` New default: `neither` > It doesn't matter if the license is OSI and/or FSF free, only if it is in the allow (or exception) list. Signed-off-by: Nico Steinle <[email protected]>
inorick
pushed a commit
to eclipse-heimlig/heimlig
that referenced
this pull request
Aug 20, 2024
See EmbarkStudios/cargo-deny#611 for details.
SCingolani
pushed a commit
to eclipse-heimlig/heimlig
that referenced
this pull request
Aug 21, 2024
* Do not require #![feature(offset_of)] as it was merged to stable Set MSRV to 1.77 * Fix clippy warnings * Update heapless dependency to 0.7.16 * Update deny.toml to new format See EmbarkStudios/cargo-deny#611 for details. --------- Co-authored-by: Norbert Fabritius <[email protected]>
|
I am running into errors that refer to this for migration instructions, but am unclear on the migration path from the licenses keys. What should these be replaced with? |
|
All licenses are implicitly denied unless added to |
|
This change effectively blocks contributors to my project if an advisory has been issued since the last CI build. I'm fine with this for vulnerabilities as it gives me a heads up to fix it myself, but I don't really care if something has become unmaintained - I had previously set it to warn (as a nudge when I run CI checks locally). Looks like I need to skip all advisory checks in CI now and have a separate checking script for local flow...which is a bit disappointing. |
bitwizeshift
added a commit
to bitwizeshift/alloy-rs
that referenced
this pull request
Aug 24, 2024
`cargo-deny` updates its specification in EmbarkStudios/cargo-deny#611 to remove a lot of existing keys that were previously allowed. This was causing license failures that should have otherwise succeeded. This updates the underlying configuration to fit the new v2 scheme so that it will pass.
bitwizeshift
added a commit
to bitwizeshift/alloy-rs
that referenced
this pull request
Aug 24, 2024
`cargo-deny` updates its specification in EmbarkStudios/cargo-deny#611 to remove a lot of existing keys that were previously allowed. This was causing license failures that should have otherwise succeeded. This updates the underlying configuration to fit the new v2 scheme so that it will pass.
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 28, 2024
Since we decided to update the current `deny.toml` instead of using the template, I looked up where the template originated to check what had changed since the `deny.toml` was introduced. The `deny.toml` was created by commit: 1aae75b on: Fri Dec 4 14:27:08 2020 +0100 When looking for the last change in the `deny.toml` template in the repo (https://github.com/EmbarkStudios/cargo-deny) ({repo_url}/commits/main/deny.template.toml) The last commit was: 98946c8732f09f4e1cce3eae766d248d3afa7ef4 on: Nov 9, 2020 The following comment describes the new default behavior in detail: EmbarkStudios/cargo-deny#611 > This is a follow-up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior. New default behavior for removed fields: - `unlicensed = "deny"` New default: `deny` - `copyleft = "deny"` New default: `deny` - `allow-osi-fsf-free = "either"` New default: `neither` > It doesn't matter if the license is OSI and/or FSF free, only if it is in the allow (or exception) list. Signed-off-by: Nico Steinle <[email protected]>
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 28, 2024
The fields got deprecated in version 0.14.12. The new default behavior for the fields are: - `unlicensed = "deny"` New default: `deny` - `copyleft = "deny"` New default: `deny` - `allow-osi-fsf-free = "either"` New default: `neither` > It doesn't matter if the license is OSI and/or FSF free, only if it is in the allow (or exception) list. Link to the changelog: https://github.com/EmbarkStudios/cargo-deny/blob/main/CHANGELOG.md#01412---2024-02-23 This pull requests describes the changes and new default behavior in more detail: EmbarkStudios/cargo-deny#611 > This is a follow-up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior. Since version 0.16.0 having these fields errors out. https://github.com/EmbarkStudios/cargo-deny/blob/main/CHANGELOG.md#0160---2024-08-02 > ... making the usage of the deprecated fields into errors. The diff in the comments are changes from the current cargo deny template. Signed-off-by: Nico Steinle <[email protected]>
ammernico
added a commit
to ammernico/butido
that referenced
this pull request
Aug 28, 2024
The fields were deprecated in version 0.14.12. The new default behavior for the fields are: - `unlicensed = "deny"` New default: `deny` - `copyleft = "deny"` New default: `deny` - `allow-osi-fsf-free = "either"` New default: `neither` > It doesn't matter if the license is OSI and/or FSF free, only if it is in the allow (or exception) list. Link to the 0.14.12 changelog: https://github.com/EmbarkStudios/cargo-deny/blob/main/CHANGELOG.md#01412---2024-02-23 This pull request describes the changes and new default behavior in more detail: EmbarkStudios/cargo-deny#611 > This is a follow-up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior. Since version 0.16.0 having these fields errors out. https://github.com/EmbarkStudios/cargo-deny/blob/main/CHANGELOG.md#0160---2024-08-02 > ... making the usage of the deprecated fields into errors. The diff in the comments are changes from the current cargo deny template. Signed-off-by: Nico Steinle <[email protected]>
davidben
pushed a commit
to google/boringssl
that referenced
this pull request
Sep 16, 2024
See EmbarkStudios/cargo-deny#611 - Instead of using the template from deny.template.toml, just specify the fields that we need to be changed - Added back comments on bans.allow, but the bssl-sys and bssl-crypto crates are not added to the allowlist because they are now allowed with `licenses.allow = ["ISC"]`. Change-Id: I9e693780d902671444bf90b4d158d6e099e87ccb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/70147 Reviewed-by: Bob Beck <[email protected]> Commit-Queue: David Benjamin <[email protected]>
martin-g
added a commit
to apache/avro-rs
that referenced
this pull request
Sep 23, 2024
New https://embarkstudios.github.io/cargo-deny/index.html release emits errors if the settings match the default ones ... See EmbarkStudios/cargo-deny#611 Signed-off-by: Martin Tzvetanov Grigorov <[email protected]>
|
Could I have hundreds of internal crates to update, and I'd rather not do that in a manual error-prone way. |
|
(I hate to say this, but this sounds like a perfect task to automate with an LLM. Show it an example before-after, and it should be able to rewrite the rest accordingly. Yes, still error-prone of course, but it's easier to just check than to do by hand. I think.) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a follow up to #606 that actually provides a way to remove the deprecated fields and opt in to the new behavior until the fields are removed and the new behavior becomes the only behavior.
Basically,
version = 2can be added to the[advisories]and[licenses], which opts in to the new behavior, and means any of the deprecated keys no longer impact the results of the checks.The new behavior is as follows:
[advisories]vulnerability-denyunmaintained-deny, old default =warnunsound-deny, old default =warnnotice-deny, old default =warnseverity-threshold- CVSS severity no longer consideredResolves: #449
[licenses]unlicensedNew default of
deny, old default waswarn.If a crate is unlicensed, a clarification can be used to assign a license based on one or more source files in the package
allow-osi-fsf-freeOld default was
both, the new default isneither, ie, it doesn't matter if the license is osi and/or fsf free, only if it is in the allow (or exception) list.copyleftOld default was
warn, the new default isdeny, it only matters if the license is allowed in the allow or exception list.Resolves: #602
Resolves: #354
defaultProvided the default for a license not otherwise listed, now all licenses are
denyunless explicitly in the allow or exception list.denyThis list served no purpose, if the license is not in the allow or exception list, it is denied.