mirror/libsignal
0
0
Fork 0
mirror of https://github.com/signalapp/libsignal.git synced 2024-09-20 03:52:17 +02:00
Code
33836ff5c2
libsignal/acknowledgments/README.md
Jordan Rose 85e0de9207
Update Rust dependencies 
`cargo update` performed with Cargo 1.72 to avoid advancing our MSRV. assert_cmd, clap, protobuf, and protobuf-json-mapping needed to be manually held back.

Plus, explicit bumps for
- env_logger 0.11
- heck 0.5
- itertools 0.13
- num_enum 0.7
- prost 0.13
- tungstenite 0.23

And disallowing downgrading curve25519-dalek below the security update in 4.1.3.
2024-07-25 13:33:09 -07:00

26 lines
1.5 KiB
Markdown
Raw Blame History

This directory contains pre-generated acknowledgments for the Rust dependencies of libsignal. CI enforces that they are kept up to date.
## Updating
If you update libsignal's dependencies, you'll need to update this listing. Install [cargo-about][] if you haven't already:
```shell
cargo +stable install --locked cargo-about --version $(cat acknowledgments/cargo-about-version)
```
Then:
1. Run `bin/regenerate_acknowledgments.sh`.
2. Check the HTML output for new "synthesized" entries. This can indicate that the license for a particular dependency was not properly detected.
3. If there are any unaccounted-for "synthesized" entries, add new "[clarify][]" entries to about.toml.
Apart from the projects in this very repo, there are a few other crates that unavoidably have "synthesized" licenses based on their Cargo manifests:
- cesu8: Very old crate whose repository contains a license file for the Rust project itself, rather than the crate.
- half: Not actually synthesized! Their license file just matches the synthesized text perfectly. A bug in cargo-about, presumably.
- pqcrypto-\*: Uploaded without a license file, though a license is listed in the Cargo.toml for each crate. The Kyber implementations we use are released as [Public Domain][kyber], so no acknowledgment is necessary.
[cargo-about]: https://embarkstudios.github.io/cargo-about/
[clarify]: https://embarkstudios.github.io/cargo-about/cli/generate/config.html#the-clarify-field-optional
[kyber]: https://github.com/PQClean/PQClean/blob/round3/crypto_kem/kyber1024/clean/LICENSE
View Git Blame Copy Permalink