Here's a list of the current set of workarounds, the crates they apply to, and why the workaround is needed
bitvec crate and one of its dependencies by the same author don't include the license information in the crate source.
chrono crate puts both the
MIT license texts in the same file, which confuses
askalono and also means the SPDX expression is not machine readable.
Some of the crates published from https://github.com/servo/core-foundation-rs do not properly package the license text when publishing the crate.
gtk crates don't include the license text in older versions, though versions published after 2021-10-21 will have the license information in the packaged source so the workaround is not needed for those versions.
prost crates don't include the license text in the published crates.
ring crate puts puts 4 different licenses in a single file which confuses tools and also doesn't declare its expression in the Cargo.toml manifest.
rustls crate puts puts 3 different licenses in a single file which confuses tools. This should be fixed in later versions.
None of the crates published from https://github.com/getsentry/sentry-rust include the license text.
None of the crates published from https://github.com/hyperium/tonic include the license text.
None of the crates published from https://github.com/sonos/tract included the license text previous to versions 0.15.4. Versions after this do include the license text and this workaround is not needed
The crates around
cranelift, many but not all of which are published from https://github.com/bytecodealliance/wasmtime, use the
Apache-2.0 WITH LLVM-exception, and the license text reflects this. However, neither
askalono report the inclusion of the
LLVM-exception, so this workaround just clarifies that.