Licenses for default embedded fonts not included in epaint crate license
#2321
Labels
bug
Something is broken
Comments
repi
added a commit
to EmbarkStudios/rust-ecosystem
that referenced
this issue
Nov 19, 2022
Yes I did actually manually (lightly) audit all these crates by opening up the exact versions and looking for `unsafe` usage (none found!), dependencies, ambient capabilities through std/core, and such. And looks good! reviewing large Rust crates is not that hard when not using any such features 💯 Thanks @emilk 😃 Did find one under specified license though in `epaint` that I've stubbed out as a violation here - Filed: emilk/egui#2321 - Once this is resolved later we can enable the violation so previous versions will fail to be audited due to it. But can't do it yet because would fail `cargo vet` in our projects. Part of: - https://github.com/EmbarkStudios/ark/issues/6167 - https://github.com/EmbarkStudios/ark/issues/7090
|
Thanks for taking a look at this and opening an issue! I agree that the clean solution is desirable, but also more complicated, so maybe I'll start with the simple solution. |
|
sounds good! |
repi
added a commit
to EmbarkStudios/rust-ecosystem
that referenced
this issue
May 26, 2023
In versions 0.19.0 and before the license was not including embedded static resources. This was tracked in emilk/egui#2321 and resolved in 0.20.0.
|
Link to the ubuntu font license 404s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
epaintcrate uses licenseMIT OR Apache-2.0but when one uses it with the default features or thedefault_fontsfeatures a set of default fonts are embedded in the binary that have additional licenses.This makes it so tools like cargo-deny (license compliance) and cargo-about (license attribution) can't see and validate/include the required licenses.
These are the licenses used for the default fonts:
fonts/emoji-icon-font.ttf- license: MITfonts/Hack-Regular.ttf- license: MITfonts/NotoEmoji-Regular.ttf- license:OFL-1.1fonts/Ubuntu-Light.ttf- license: "UBUNTU FONT LICENSE 1.0"LicenseRef-UFL-1.0.So to be fully correct in the license definition of the
epaintcrate I believe we would have to specify to license as:(MIT OR Apache-2.0) AND OFL-1.1 AND LicenseRef-UFL-1.0.A recent and good previous example for another crate was dtolnay/unicode-ident#9.
A drawback of that however would be that if you use the crate with
default-features = falseand not withfeatures = ["default_fonts"]tools wouldn't know that these licenses are then not required.So believe the most clean solution for everyone would be to split out the default fonts into a separate crate (like
epaint-default-fonts) that has this full license, a crate that just doesinclude_bytes!on the fonts and exposes global variable with them. And then inepaintwe can keepMIT OR Apache-2.0license and include theepaint-default-fontsoptionally in that.Tools like cargo-deny and cargo-about would fully understand this and then only require that the
OFL-1.1andLicenseRef-UFL-1.0are on the allow list if the optional default fonts are included.What do you think about such an approach @emilk ?
The text was updated successfully, but these errors were encountered: