Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address various issues through the use of Cargo deny. #862

Merged
merged 14 commits into from
Sep 5, 2024
Merged

Address various issues through the use of Cargo deny. #862

merged 14 commits into from
Sep 5, 2024

Conversation

DFINITYManu
Copy link
Contributor

@DFINITYManu DFINITYManu commented Sep 4, 2024
edited
Loading

  • Licensing compliance enforcement (needs to be reviewed).
  • Banning the use of OpenSSL altogether, to prevent problems with dynamic libraries.

CI/CD still needs to be addressed here.

Also, there is a package that is GPL 3.0 and therefore we cannot use it. This package is pulled in by chrome_headless and therefore we should remove that (to my understanding the screenshotting functionality doesn't currently work anyway). If we really want that, we should consider rearchitecting that functionality to be a separate program that gets invoked via execve() from the qualifier and takes the screenshots autonomously during qualification; that way, that program does not force the entire code base to link with the GPL library chrome_headless includes, which is incompatible with the qualifier code. We will then obviously have to add a screenshot-program-specific exception for that one in deny.toml, which is a nice self-referential reference, so that we can deny while we deny.

DFINITYManu and others added 2 commits September 4, 2024 17:46
@DFINITYManu
Address various issues through the use of Cargo deny.
366d014 
* Licensing compliance enforcement (needs to be reviewed).
* Banning the use of OpenSSL altogether, to prevent problems with dynamic libraries.

CI/CD still needs to be addressed here.

Also, there is a package that is GPL 3.0 and therefore we cannot use it.  This
package is pulled in by `chrome_headless` and therefore we should remove that.
@LittleChimera
Update external_crates.bzl
b8b03dd
@DFINITYManu DFINITYManu marked this pull request as ready for review September 5, 2024 14:51
@DFINITYManu DFINITYManu requested a review from a team as a code owner September 5, 2024 14:51
@DFINITYManu DFINITYManu enabled auto-merge (squash) September 5, 2024 15:06
@DFINITYManu DFINITYManu merged commit dc121c3 into main Sep 5, 2024
5 checks passed
@DFINITYManu DFINITYManu deleted the cargodeny branch September 5, 2024 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LittleChimera LittleChimera LittleChimera left review comments

@NikolaMilosa NikolaMilosa NikolaMilosa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DFINITYManu @LittleChimera @NikolaMilosa