Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.14 pulls in CC0 license #523

Open
joeroback opened this issue Feb 2, 2024 · 2 comments
Open

0.14 pulls in CC0 license #523

joeroback opened this issue Feb 2, 2024 · 2 comments

Comments

@joeroback
Copy link

the latest 0.14 pulls in tiny-keccak, which has the CC0 license, which is extremely difficult to use in commercial setting due to its patent clause. i have asked the author why or to consider MIT/Apache, but wondering if there are other ways to work around this, since i am sure config is not really interested in SHA-3 FIPS hashing

tiny-keccak v2.0.2
└── const-random-macro v0.1.16 (proc-macro)
    └── const-random v0.1.17
        └── dlv-list v0.5.2
            └── ordered-multimap v0.6.0
                └── rust-ini v0.19.0
                    └── config v0.14.0
@matthiasbeyer
Copy link
Member

Hi.
Thanks for filing this. We should introduce a cargo-deny CI check for things like this.

The simplest thing is to disable the ini backend I guess. This can be done by disabling the feature. If you need that backend, I do not see a way as of today... but this is clearly something we should resolve sooner than later.

The "simplest" solution would be for the author to relicense, actually.

@matthiasbeyer matthiasbeyer mentioned this issue Feb 2, 2024
Open
@joeroback
Copy link
Author

debris/tiny-keccak#54

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@epage @joeroback @matthiasbeyer