Describe the bug
When an allow list of licenses is specified e.g.
it should deny all licenses not in the list.
Current behavior denies all licenses outside the list, except copyleft licenses.
Thus to also deny copyleft licenses requires:
copyleft = "deny"
This is misleading behavior and a trap by which crates might accidentally introduce copyleft dependencies.
To reproduce
Run cargo deny check licenses with a licenses allow list and a dependency with a license that is GPL-2.0 but not in the allow list, and see it passes.
cargo-deny version
cargo-deny 0.14.11
What OS were you running cargo-deny on?
Linux
Additional context
A similar concern https://github.com/EmbarkStudios/cargo-deny/issues/354#issuecomment-1887410425
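An added example, not part of the original issue: a deny.toml `[licenses]` section for the cargo-deny 0.14.11 reported above that makes the allow list strict for copyleft licenses as well. The entries in `allow` are constructed for illustration; only `copyleft = "deny"` comes from the report.

```toml
# deny.toml (constructed example for cargo-deny 0.14.x)
[licenses]
# Licenses that are explicitly accepted (sample list, an assumption).
allow = [
    "MIT",
    "Apache-2.0",
    "BSD-3-Clause",
]

# Without this key, copyleft handling falls back to its default ("warn"
# in this release line), so a GPL-2.0 dependency that is absent from
# `allow` produces a warning and `cargo deny check licenses` still
# passes, which is the behavior reported in the issue.
copyleft = "deny"
```

With this setting, rerunning the reproduction step (`cargo deny check licenses` against a GPL-2.0 dependency) is the check that the allow list now rejects it.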