mirror of
https://github.com/signalapp/libsignal.git
synced 2024-09-19 19:42:19 +02:00
| .. | ||
| about.toml | ||
| acknowledgments.html | ||
| acknowledgments.html.hbs | ||
| acknowledgments.md | ||
| acknowledgments.md.hbs | ||
| acknowledgments.plist | ||
| acknowledgments.plist.hbs | ||
| cargo-about-version | ||
| README.md | ||
This directory contains pre-generated acknowledgments for the Rust dependencies of libsignal. CI enforces that they are kept up to date.
Updating
If you update libsignal's dependencies, you'll need to update this listing. Install cargo-about if you haven't already:
cargo +stable install --locked cargo-about --version $(cat acknowledgments/cargo-about-version)
Then:
- Run
bin/regenerate_acknowledgments.sh. - Check the HTML output for new "synthesized" entries. This can indicate that the license for a particular dependency was not properly detected.
- If there are any unaccounted-for "synthesized" entries, add new "clarify" entries to about.toml.
Apart from the projects in this very repo, there are a few other crates that unavoidably have "synthesized" licenses based on their Cargo manifests:
- cesu8: Very old crate whose repository contains a license file for the Rust project itself, rather than the crate.
- curve25519-dalek-derive: Uploaded without a license file, though a license is listed in the Cargo.toml. Not the same as the license of curve25519-dalek.
- half: Not actually synthesized! Their license file just matches the synthesized text perfectly. A bug in cargo-about, presumably.
- pqcrypto-*: Uploaded without a license file, though a license is listed in the Cargo.toml for each crate. The Kyber implementations we use are released as Public Domain, so no acknowledgment is necessary.