# Project policies.
#
# These policies can be enforced using `cargo deny check`.

[advisories]
ignore = []

[licenses]
# Don't allow code with an unclear license.
unlicensed = "deny"

# Don't allow "copylefted" licenses unless they're listed below.
copyleft = "deny"

# Allow common non-restrictive licenses.
allow = [
    "MIT",
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "CC0-1.0",
    "ISC",
    "MPL-2.0",
    "OpenSSL",
    "Unicode-DFS-2016",
]

# Many organizations ban AGPL-licensed code
# https://opensource.google/docs/using/agpl-policy/
deny = ["AGPL-3.0"]

[[licenses.clarify]]
# Ring has a messy license. We should either commit 100% to ring everywhere, or
# to native-tls everywhere, and not mix the two.
name = "ring"
expression = "ISC AND OpenSSL AND MIT"
license-files = [{ path = "LICENSE", hash = 3171872035 }]

[[licenses.clarify]]
name = "encoding_rs"
expression = "(MIT OR Apache-2.0) AND BSD-3-Clause AND CC0-1.0"
license-files = [{ path = "COPYRIGHT", hash = 972598577 }]

[bans]
# Warn about multiple versions of the same crate, unless we've indicated otherwise below.
multiple-versions = "warn"

deny = [
    # This never causes anything but portability misery.
    { name = "openssl-sys" },
    # `serde_derive` shipped unreproducible binary builds for a while. See
    # https://github.com/serde-rs/serde/issues/2538.
    { name = "serde_derive", version = ">1.0.171,<1.0.184" },
]

skip = [
    # This seems to be included by portable-atomic 0.3.20 for some reason.
    { name = "portable-atomic", version = "1.6.0" },
]

skip-tree = [
    # This has a bunch of old dependencies.
    { name = "bigtable_rs" },
]