mirror of
https://github.com/signalapp/libsignal.git
synced 2024-09-20 03:52:17 +02:00
85e0de9207
`cargo update` performed with Cargo 1.72 to avoid advancing our MSRV. assert_cmd, clap, protobuf, and protobuf-json-mapping needed to be manually held back. Plus, explicit bumps for - env_logger 0.11 - heck 0.5 - itertools 0.13 - num_enum 0.7 - prost 0.13 - tungstenite 0.23 And disallowing downgrading curve25519-dalek below the security update in 4.1.3.
26 lines
1.5 KiB
Markdown
26 lines
1.5 KiB
Markdown
This directory contains pre-generated acknowledgments for the Rust dependencies of libsignal. CI enforces that they are kept up to date.
|
|
|
|
## Updating
|
|
|
|
If you update libsignal's dependencies, you'll need to update this listing. Install [cargo-about][] if you haven't already:
|
|
|
|
```shell
|
|
cargo +stable install --locked cargo-about --version $(cat acknowledgments/cargo-about-version)
|
|
```
|
|
|
|
Then:
|
|
|
|
1. Run `bin/regenerate_acknowledgments.sh`.
|
|
2. Check the HTML output for new "synthesized" entries. This can indicate that the license for a particular dependency was not properly detected.
|
|
3. If there are any unaccounted-for "synthesized" entries, add new "[clarify][]" entries to about.toml.
|
|
|
|
Apart from the projects in this very repo, there are a few other crates that unavoidably have "synthesized" licenses based on their Cargo manifests:
|
|
|
|
- cesu8: Very old crate whose repository contains a license file for the Rust project itself, rather than the crate.
|
|
- half: Not actually synthesized! Their license file just matches the synthesized text perfectly. A bug in cargo-about, presumably.
|
|
- pqcrypto-\*: Uploaded without a license file, though a license is listed in the Cargo.toml for each crate. The Kyber implementations we use are released as [Public Domain][kyber], so no acknowledgment is necessary.
|
|
|
|
[cargo-about]: https://embarkstudios.github.io/cargo-about/
|
|
[clarify]: https://embarkstudios.github.io/cargo-about/cli/generate/config.html#the-clarify-field-optional
|
|
[kyber]: https://github.com/PQClean/PQClean/blob/round3/crypto_kem/kyber1024/clean/LICENSE
|