New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Licenses for default embedded fonts not included in epaint
crate license
#2321
Labels
bug
Something is broken
Comments
repi
added a commit
to EmbarkStudios/rust-ecosystem
that referenced
this issue
Nov 19, 2022
Yes I did actually manually (lightly) audit all these crates by opening up the exact versions and looking for `unsafe` usage (none found!), dependencies, ambient capabilities through std/core, and such. And looks good! reviewing large Rust crates is not that hard when not using any such features 💯 Thanks @emilk 😃 Did find one under specified license though in `epaint` that I've stubbed out as a violation here - Filed: emilk/egui#2321 - Once this is resolved later we can enable the violation so previous versions will fail to be audited due to it. But can't do it yet because would fail `cargo vet` in our projects. Part of: - https://github.com/EmbarkStudios/ark/issues/6167 - https://github.com/EmbarkStudios/ark/issues/7090
Thanks for taking a look at this and opening an issue! I agree that the clean solution is desirable, but also more complicated, so maybe I'll start with the simple solution. |
sounds good! |
repi
added a commit
to EmbarkStudios/rust-ecosystem
that referenced
this issue
May 26, 2023
In versions 0.19.0 and before the license was not including embedded static resources. This was tracked in emilk/egui#2321 and resolved in 0.20.0.
Link to the ubuntu font license 404s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
epaint
crate uses licenseMIT OR Apache-2.0
but when one uses it with the default features or thedefault_fonts
features a set of default fonts are embedded in the binary that have additional licenses.This makes it so tools like cargo-deny (license compliance) and cargo-about (license attribution) can't see and validate/include the required licenses.
These are the licenses used for the default fonts:
fonts/emoji-icon-font.ttf
- license: MITfonts/Hack-Regular.ttf
- license: MITfonts/NotoEmoji-Regular.ttf
- license:OFL-1.1
fonts/Ubuntu-Light.ttf
- license: "UBUNTU FONT LICENSE 1.0"LicenseRef-UFL-1.0
.So to be fully correct in the license definition of the
epaint
crate I believe we would have to specify to license as:(MIT OR Apache-2.0) AND OFL-1.1 AND LicenseRef-UFL-1.0
.A recent and good previous example for another crate was dtolnay/unicode-ident#9.
A drawback of that however would be that if you use the crate with
default-features = false
and not withfeatures = ["default_fonts"]
tools wouldn't know that these licenses are then not required.So believe the most clean solution for everyone would be to split out the default fonts into a separate crate (like
epaint-default-fonts
) that has this full license, a crate that just doesinclude_bytes!
on the fonts and exposes global variable with them. And then inepaint
we can keepMIT OR Apache-2.0
license and include theepaint-default-fonts
optionally in that.Tools like cargo-deny and cargo-about would fully understand this and then only require that the
OFL-1.1
andLicenseRef-UFL-1.0
are on the allow list if the optional default fonts are included.What do you think about such an approach @emilk ?
The text was updated successfully, but these errors were encountered: