Workarounds

Here's a list of the current set of workarounds, the crates they apply to, and why the workaround is needed

bitvec

The bitvec crate and one of its dependencies by the same author don't include the license information in the crate source.

• bitvec
• wyz

chrono

The chrono crate puts both the Apache-2.0 and MIT license texts in the same file, which confuses askalono and also means the SPDX expression is not machine readable.

• chrono

cocoa

Some of the crates published from https://github.com/servo/core-foundation-rs do not properly package the license text when publishing the crate.

• cocoa-foundation
• core-foundation
• core-foundation-sys
• core-graphics-types

gtk

The various gtk crates don't include the license text in older versions, though versions published after 2021-10-21 will have the license information in the packaged source so the workaround is not needed for those versions.

• atk-sys
• cairo-sys-rs
• gdk-pixbuf-sys
• gdk-sys
• gio-sys
• glib-sys
• gobject-sys
• gtk-sys

prost

The various prost crates don't include the license text in the published crates.

• prost
• prost-build
• prost-derive
• prost-types

ring

The ring crate puts puts 4 different licenses in a single file which confuses tools and also doesn't declare its expression in the Cargo.toml manifest.

• ring

rustls

The rustls crate puts puts 3 different licenses in a single file which confuses tools. This should be fixed in later versions.

• rustls

sentry

None of the crates published from https://github.com/getsentry/sentry-rust include the license text.

• sentry-actix
• sentry-anyhow
• sentry-backtrace
• sentry-contexts
• sentry-core
• sentry-debug-images
• sentry-log
• sentry-panic
• sentry-slog
• sentry-tower
• sentry-tracing
• sentry-types
• sentry

tonic

None of the crates published from https://github.com/hyperium/tonic include the license text.

• tonic
• tonic-build
• tonic-health
• tonic-types
• tonic-reflection

tract

None of the crates published from https://github.com/sonos/tract included the license text previous to versions 0.15.4. Versions after this do include the license text and this workaround is not needed

• tract-data
• tract-linalg
• tract-core
• tract-pulse
• tract-pulse-opl
• tract-hir
• tract-nnef
• tract-tensorflow
• tract-onnx-opl
• tract-onnx
• tract-kaldi
• tract-cli

wasmtime

The crates around wasmtime and cranelift, many but not all of which are published from https://github.com/bytecodealliance/wasmtime, use the Apache-2.0 WITH LLVM-exception, and the license text reflects this. However, neither clearlydefined.io nor askalono report the inclusion of the LLVM-exception, so this workaround just clarifies that.

• cranelift-bforest
• cranelift-codegen
• cranelift-codegen-meta
• cranelift-codegen-shared
• cranelift-entity
• cranelift-frontend
• cranelift-native
• cranelift-wasm
• regalloc
• wasi-cap-std-sync
• wasi-common
• wasmparser
• wasmtime-environ
• wasmtime-jit
• wasmtime-runtime
• wasmtime-types
• wasmtime-wasi
• wast
• wiggle
• wiggle-generate
• wiggle-macro
• winx

rustix

The crate rustix and its dependency linux-raw-sys are triple licensed under Apache-2.0 WITH LLVM-exception, Apache-2.0 and MIT licenses. However, they also include a COPYRIGHT file that confuses clearlydefined.io in parsing the license expression. This workaround clarifies the three licenses and their inclusion.

• rustix
• linux-raw-sys