Hello, I wanted to raise a note that this crate currently has a transitive dependency on option-ext. That library is MPL-2, a copyleft license. The option-ext dependency is brought in via the dependency on directories. The maintainer of the underlying dirs-sys crate has indicated that they added a dependency on option-ext for the express purpose of tainting the use of dirs-sys with MPL-2, which thus taints any use of update-informer. I'd recommend using an alternate dependency such as etcetera, which does not suffer from this tainting issue.
I'll note that the default ureq dependency also pulls in webpki-roots, which is also MPL-2, but that is an optional dependency that can be side-stepped by using native-tls (though I would overall prefer to use rustls-tls, but with native-roots), so it's not a particular concern for me.
As an alternative, the caching functionality could be optional behind a feature, so that the MPL-2 dependency isn't required if we don't need the caching check.
Hello, I wanted to raise a note that this crate currently has a transitive dependency on
option-ext. That library is MPL-2, a copyleft license. Theoption-extdependency is brought in via the dependency ondirectories. The maintainer of the underlyingdirs-syscrate has indicated that they added a dependency onoption-extfor the express purpose of tainting the use ofdirs-syswith MPL-2, which thus taints any use ofupdate-informer. I'd recommend using an alternate dependency such asetcetera, which does not suffer from this tainting issue.I'll note that the default
ureqdependency also pulls inwebpki-roots, which is also MPL-2, but that is an optional dependency that can be side-stepped by usingnative-tls(though I would overall prefer to userustls-tls, but withnative-roots), so it's not a particular concern for me.As an alternative, the caching functionality could be optional behind a feature, so that the MPL-2 dependency isn't required if we don't need the caching check.