Closed taladar closed 3 years ago
I was under the impression that cargo deny check licenses
already does that?
It's also a bit out of scope, as dependency traversal itself is not the focus here. There also the excellent cargo-about
that mostly addresses this use case as well—including more thorough checks on actual validity of the license field in the configuration.
Since tooling that addresses this use case already exists, I'll close this as out of scope.
It might be useful to get an overview of all licenses used in dependencies.
This might be particularly interesting if new versions use a different license than older dependency versions used (e.g. like the MongoDB or Elasticsearch license changes).