On 09/03/2018 19:39, Gregory Szorc wrote:
> On Fri, Mar 9, 2018 at 7:28 AM, David Teller <dtel...@mozilla.com
> <mailto:dtel...@mozilla.com>> wrote:
> I'll need a license review for a vendored Rust package. Who can perform
> these reviews these days?
> We have an allow list of licenses in our Cargo config. So if the license
> is already allowed, you can reference the crate in a Cargo.toml and
> `mach vendor rust` will "just work." Otherwise, we need to review the
> license before any action is taken.
> **Only attorneys or someone empowered by them should review licenses and
> give sign-off on a license.**
Yes, that's exactly what I'm talking about. We have whitelisted BSD 3,
but I have a build-time dependency on vendored BSD 2 code.
> You should file a Legal bug at
> https://bugzilla.mozilla.org/enter_bug.cgi?product=Legal. I think the
> component you want is "Product - feature." Feel free to CC me and/or
> Ted, as we've dealt with these kinds of requests in the past and can
> help bridge the gap between engineering and legal. We also know about
> how to follow up with the response (e.g. if we ship code using a new
> license, we need to add something to about:license).
dev-platform mailing list