Henri Sivonen wrote:
This proposal makes sense to me when it comes to libraries that are not vendored from crates.io. However, this seems very heavyweight and only adds the Bugzilla metadata for crates.io crates. It seems to me that declaring the Bugzilla component isn't worth the trouble of having another metadata file in addition to Cargo.toml.
i agree; excluding third-party/rust from this makes sense. sorry didn't explicitly call that out initially.
Additonally, the examples suggest that this invents new ad hoc license identifiers. I suggest we not do that but instead use https://spdx.org/licenses/ and have a script to enforce that bogus values don't creep in.
-- glob — engineering workflow — moz://a _______________________________________________ dev-platform mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-platform