科技回声

They intentionally added a copyleft-licensed library (options-ext) written by himself to poison the supply chain via `dirs-sys`. (Commit: <a href="https://github.com/dirs-dev/dirs-sys-rs/commit/e169da7af901eb621e5d244efe960f4da8ed150d#r109131407">https://github.com/dirs-dev/dirs-sys-rs/commit/e169da7af901e...</a>)<p>The dependency adds nothing of value and can trivially be removed. (<a href="https://github.com/dirs-dev/dirs-sys-rs/pull/22/files">https://github.com/dirs-dev/dirs-sys-rs/pull/22/files</a>)<p>When asked about it, they claim to prefer MPL and that the current license was an accident they 'may or may not correct'.<p>Popular dependents include - cross (<a href="https://crates.io/crates/cross" rel="nofollow">https://crates.io/crates/cross</a>) - terminfo (<a href="https://crates.io/crates/terminfo" rel="nofollow">https://crates.io/crates/terminfo</a>)

MPL 2.0 is not a "viral" license like the GPL. It is cross compatible with both Apache 2.0 and MIT. The knee jerk reaction to drop dirs-sys-rs over a non-existent licensing issue makes no sense.

Maintainer of Rust crate 'dirs-sys' intentionally poisons dependents with MPL

2 条评论

Maintainer of Rust crate 'dirs-sys' intentionally poisons dependents with MPL

2 条评论