search

aws / aws-lc-rs

aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations. The library strives to be API-compatible with the popular Rust library named ring.
Other
247 stars 40 forks source link

Please document the licensing of aws-lc #353

Closed joshtriplett closed 4 months ago

joshtriplett commented 4 months ago

Problem:

aws-lc-rs lists its license as SPDX-License-Identifier: ISC AND (Apache-2.0 OR ISC), which could lead people to assume that it doesn't have code under the old OpenSSL license. However, https://github.com/aws/aws-lc/blob/main/LICENSE gives a clearer picture of the licensing, showing that aws-lc still has code under the old OpenSSL license. Please document this in the license field of aws-lc-rs so that, for instance, people looking to preserve GPL-compatibility are not misled into thinking that aws-lc is just ISC and Apache-2.0.

Solution:

Please modify the license field in Cargo.toml to also include the OpenSSL license as an AND.

justsmth commented 4 months ago

Thanks. I'll follow up on this.

justsmth commented 4 months ago

The latest releases of aws-lc-sys and aws-lc-fips-sys have updated license metadata.