Closed Bug 1525970 Opened 5 years ago Closed 1 year ago

Update uuid crate to the latest 0.7.2

Categories

(Core :: DOM: Core & HTML, enhancement, P2)

65 Branch
enhancement

Tracking

RESOLVED FIXED

People

(Reporter: jkt, Unassigned)

Details

The crate uuid would be useful to update to provide stronger guarantees for Bug 1346759.

However, this requires an update to the rand crate, which now has an updated package fuchsia-cprng via the rand_os crate. This uses a BSD-like license that isn't declared in the Cargo.toml in the same way as it is for fuchsia-zircon, which has the same licence.

This code will only ever be used when the rand crate is compiled for a fuchsia build target, which as I understand it isn't supported at all; however, Cargo doesn't have the ability to not vendor this code.

Ultimately this opens up the chance that we might end up compiling Firefox with this code at runtime, which I don't think we want.

Ideally we would probably want a solution that treats certain targets as optional as these won't be vendored. The way cargo vendor works currently is it vendors all targets.

Sorry :mhoye, I meant to flag you for some feedback here.

TL;DR we have a confusing situation where we don't compile Firefox for fuchsia but we are getting vendored code that is not permitted by MPL licensing.

I suggest that we allow this change as we have previously; however, have someone follow up on having a simpler solution, like removing the vendored code we won't use.

Flags: needinfo?(mhoye)

This looks fine to me, that's the "Google BSD License" - the BSD license plus a brand-protection clause - and we have examples of it in-tree already.

See here: about:license#google-bsd

Flags: needinfo?(mhoye)
Priority: -- → P2
Component: DOM → DOM: Core & HTML
Severity: normal → S3

uuid was updated to 0.7.4 in bug 1552549, and later to 0.8.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED