rust-lang / rust-clippy

A bunch of lints to catch common mistakes and improve your Rust code. Book: https://doc.rust-lang.org/clippy/
https://rust-lang.github.io/rust-clippy/

Restriction Lint: Crate License #3867

Open mehcode opened 5 years ago

mehcode commented 5 years ago

After seeing the new-ish cargo metadata lints, I was thinking it would be interesting to have a lint like:

crate_license Check the license information in the crate metadata and restrict to something.

I imagine a whitelist/blacklist of licenses would be what most want.

# in clippy.toml
blacklisted-licenses = ["MIT"]
whitelisted-licenses = ["MPL"]

This seems fairly straightforward to implement after reading some of the source for the cargo lints. If we want to do this I'd love to try to implement.

phansch commented 5 years ago

Seems like a good idea, especially for orgs that want to enforce certain licenses on their crates.

Julusian commented 5 years ago

> Seems like a good idea, especially for orgs that want to enforce certain licenses on their crates.

It would be useful for anyone writing anything that is to be distributed, in either source or binary form, to encourage them to be compliant with licenses of crates they use.

It is currently very easy to not notice that one crate some dependencies deep is licensed GPL, which would then require your software to also be GPL.

mehcode commented 5 years ago

Does there exist a reasonable default or should the blacklist/whitelist be empty?

If it's possible to know if license A is compatible with license B (where A is the root project and B is a dependency), that could be a reasonable default.

That can be decided after this is a thing of course.

Manishearth commented 5 years ago

I would keep it empty
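
A sketch of the check discussed in this thread, added here as an illustration and not taken from Clippy or from any commenter: it evaluates each package's `license` expression against an allow list and a deny list, with empty lists restricting nothing. The `Policy` type, its field names and the sample packages are hypothetical; the package list stands in for the per-package `license` field that `cargo metadata` reports for direct and transitive dependencies.

```rust
/// Hypothetical policy mirroring the two lists proposed in the issue.
pub struct Policy<'a> {
    pub allow: &'a [&'a str], // empty = no allowlist restriction
    pub deny: &'a [&'a str],  // empty = nothing denied
}

impl Policy<'_> {
    /// One license term is acceptable if it is not denied and, when an
    /// allowlist is configured, appears on it. A term such as
    /// "Apache-2.0 WITH LLVM-exception" is compared as a whole string.
    fn id_ok(&self, id: &str) -> bool {
        !self.deny.contains(&id) && (self.allow.is_empty() || self.allow.contains(&id))
    }

    /// Evaluate a flat SPDX expression (no parentheses). AND binds tighter
    /// than OR, so "A OR B AND C" passes if A passes, or if B and C both do.
    /// The deprecated Cargo "/" separator is treated as OR.
    pub fn expr_ok(&self, expr: &str) -> bool {
        expr.replace('/', " OR ")
            .split(" OR ")
            .any(|alt| alt.split(" AND ").all(|id| self.id_ok(id.trim())))
    }

    /// Names of packages whose license is missing or rejected by the policy.
    pub fn violations<'p>(&self, pkgs: &[(&'p str, Option<&'p str>)]) -> Vec<&'p str> {
        pkgs.iter()
            .filter(|(_, lic)| !lic.map_or(false, |l| self.expr_ok(l)))
            .map(|(name, _)| *name)
            .collect()
    }
}

fn main() {
    // Constructed sample: (package name, license field) pairs.
    let pkgs = [
        ("app-core", Some("MIT OR Apache-2.0")),
        ("deep-dep", Some("GPL-3.0-only")), // the "some dependencies deep" case
        ("dual", Some("GPL-3.0-only OR MIT")), // one acceptable alternative remains
        ("both", Some("MIT AND GPL-3.0-only")), // every term must be acceptable
        ("unlabelled", None),
    ];
    let policy = Policy { allow: &[], deny: &["GPL-3.0-only"] };
    println!("rejected: {:?}", policy.violations(&pkgs));
}
```

A package with no license metadata is reported even when both lists are empty, since there is nothing to evaluate.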