Workarounds

Here's a list of the current workarounds, the crates each one applies to, and why it is needed.

bitvec

The bitvec crate and one of its dependencies by the same author don't include the license information in the crate source.

chrono

The chrono crate puts both the Apache-2.0 and MIT license texts in the same file, which confuses askalono and also means the SPDX expression is not machine readable.

cocoa

Some of the crates published from https://github.com/servo/core-foundation-rs do not properly package the license text when publishing the crate.

gtk

The various gtk crates don't include the license text in older versions, though versions published after 2021-10-21 will have the license information in the packaged source so the workaround is not needed for those versions.

prost

The various prost crates don't include the license text in the published crates.

ring

The ring crate puts 4 different licenses in a single file, which confuses tools, and also doesn't declare its license expression in the Cargo.toml manifest.

rustls

The rustls crate puts 3 different licenses in a single file, which confuses tools. This should be fixed in later versions.

sentry

None of the crates published from https://github.com/getsentry/sentry-rust include the license text.

tonic

None of the crates published from https://github.com/hyperium/tonic include the license text.

tract

None of the crates published from https://github.com/sonos/tract included the license text prior to version 0.15.4. Versions after this do include the license text, so this workaround is not needed for them.

wasmtime

The crates around wasmtime and cranelift, many but not all of which are published from https://github.com/bytecodealliance/wasmtime, use the Apache-2.0 WITH LLVM-exception license, and the license text reflects this. However, neither clearlydefined.io nor askalono reports the inclusion of the LLVM-exception, so this workaround just clarifies that.