Previously we allowed this license unconditionally. But because of its
non-self-enacting nature, we need the actual notice from its "exhibit A"
to appear somewhere that says that it applies to all the relevant code.
Therefore, we shouldn't take new MPL-2.0 dependencies without
hand-checking them. (I am tentatively allowing option-ext, though,
since we already have an indirect dependency on that crate via
`directories`.)
For more info, see https://gitlab.torproject.org/tpo/core/arti/-/issues/845
The generational-arena crate is distributed under MPL-2.0,
so we need to allow it.
I believe that this license is fine and does not interfere with
our code or our users; the reviewer should double-check.
This commit changes the shebang in all shell scripts from absolute
paths (such as `/bin/bash` or `/usr/bin/python3`) to the `/usr/bin/env`
binary with the accompanying interpreter as it's argument.
The reason for this are as follows:
- NixOS cannot work with absolute paths
- BSD systems install their packages in /usr/local/bin
The license there is `(MIT OR Apache-2.0) AND Unicode-DFS-2016`,
which fine, but the existing shell script doesn't actually handle
"AND" correctly. This commit adds a workaround for licenses that
are "AND", and some comments about weaknesses in our (lack of)
boolean expression parsing.
This should fix CI.
Closes#462.
Note that the license on `ring` is slightly problematic for some
users, including as it does old the openssl license[^1], with
advertising clause and all. That's not a blocker for us now, since
`ring` is not a required dependency. But we wouldn't want `ring` to
become a mandatory dependency because of this.
[^1]: To make the situation even more complicated, modern openssl
has relicensed under apache-2.0, but that doesn't necessarily
help us, since ring took its code from boringssll, which
forked from an older version of openssl.
A build script reaching into your .git/hooks/ and modifying them
nonconsensually was a bit of a horrifying concept, and also made it hard
to build arti with the feature disabled. Remove this crate, and replace
it with manual instructions on how to install the hooks in
CONTRIBUTING.md.
As per #309
Update all references. There is one remaining hit for
git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.