dirs-sys 0.4.1 introduces an MPL-licensed dependency not compatible with MIT/Apache 2.0 #23
Comments
|
I see that #21 was closed essentially as wontfix. However, similarly to this comment, the license change means that we simply cannot use dirs-sys 0.4.1 as it stands; this has effectively broken the crate for us. |
This was referenced Jun 26, 2023
inikulin
pushed a commit
to cloudflare/foundations
that referenced
this issue
Jan 18, 2024
This removes `which` from the dependency graph, which avoids a licensing issue. dirs-dev/dirs-sys-rs#23
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
e169da7 introduced a dependency on
option-ext. That crate is licensed under the Mozilla Public License 2.0, a weak-copyleft license that is more restrictive than either MIT or Apache 2.0.(Although MPL is a file-level license that is not "viral" to projects using it as long as the files in question are not changed, the fact remains that it's more restrictive; for example, MIT allows sublicensing and MPL 2.0 does not.)
As a result, we (zcash/zcash) cannot upgrade to dependencies using
dirs-sys0.4.1 because it would violate our licensing policy. This is particularly problematic because according to semver, 0.4.1 is supposed to be a non-breaking release from 0.4.0, which did not have the MPL dependency.The text was updated successfully, but these errors were encountered: