Age | Commit message (Collapse) | Author |
|
Because we cannot release with "git" dependencies in Cargo.toml, we
ignore the advisory for the v0.3.0 release.
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
(cherry picked from commit dbcc83ef292a282842ba30cefd70240fda8b0a55)
|
|
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
|
|
So we do not accidentially update diesel or some other lib and depend on it by
accident.
Signed-off-by: Matthias Beyer <matthias.beyer@atos.net>
|
|
This patch adds the deny.toml configuration file for cargo-deny to
* check licenses of the dependencies
* check that dependencies are fetched from trusted sources
We do not allow copyleft licenses, except for MPL-2.0, which is
considered "safe" as a dependency because it only applies to the code
that's licensed, not code that depends on it. (IANAL)
We allow either OSI or FSF approved "free" licenses.
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
|