divviup / janus

Experimental implementation of the Distributed Aggregation Protocol (DAP) specification.
Mozilla Public License 2.0

Bundle licenses into container images #3229

Open tgeoghegan opened 4 months ago

tgeoghegan commented 4 months ago

Licenses like 3-clause BSD or Unicode v3 include a requirement that the license be included with any binary distributions of software (i.e., Janus) that uses dependencies covered by those licenses (i.e., our numerous deps that use these).

My reading of these licenses is that we do not need to worry about redistributing them with Janus sources: we don't distribute the source code of dependencies. Some entity using Janus does when they run `cargo build`/`cargo test`/`cargo run`. This applies to the crates we ship: we distribute only source code to crates.io and docs.rs, so that's fine.

However the binary artifacts we distribute should include Janus' license, as well as the licenses of dependencies.

For container images, David Cook suggested putting them in `/usr/share/common-licenses` or `/usr/share/*/copyright`. We could invent some build step that walks the dep tree, extracts licenses and blats them into container images... or a cheekier fix would be to include every license enumerated in `licenses.allow` in Janus' `deny.toml`.

divergentdave commented 2 months ago

This could help with gathering licenses of dependencies: https://embarkstudios.github.io/cargo-about/