Document that cargo/crates.io now uses SPDX 3.0

[ndarilek]

Cargo points me to https://spdx.org/licenses/ for a list of license identifiers. This page distinguishes between LGPL-2.1 and LGPL-2.1-or-later. I published a crate binding a C library whose licensing terms are LGPL-2.1-or-later, but my attempts to use this identifier failed, pointing me to the page that lists it as a possibility.

Maybe the solution is to support LGPL-2.1-or-later, but either way, the list of identifiers Cargo points me to doesn't seem authoritative. It took a few attempts to publish my crate, and given I'm trying to do that via CI and not directly, it took some time. :)

Thanks.

[ehuss]

I think this is an issue as to which version of SPDX it is expecting. See #4898 which recently updated this to 2.4. It doesn't look like the work to update to 3.0 has started, yet.

[wking]

See #4898 which recently updated this to 2.4.

Do you know when that information will be published (here?). Perhaps after the next Cargo release?

It doesn't look like the work to update to 3.0 has started, yet.

ehuss/license-exprs#11 has tooling in flight that should help automate this, in case folks want to chip in on review ;).

[ehuss]

Do you know when that information will be published (here?). Perhaps after the next Cargo release?

Presumably, yes. I think this update will be picked up once rust-lang/rust#47280 is merged, and then should show up in the next nightly. Then the next release will be 1.25 scheduled for the end of March. I am uncertain how the website documentation is updated, though.

[wking]

I think this update will be picked up once rust-lang/rust#47280 is merged…

It landed in January.

… and then should show up in the next nightly. Then the next release will be 1.25 scheduled for the end of March. I am uncertain how the website documentation is updated, though.

Can anyone weigh in on the website-update process? Are we waiting until 1.25 is cut before the doc updates are pushed?

[carols10cents]

Can anyone weigh in on the website-update process? Are we waiting until 1.25 is cut before the doc updates are pushed?

The docs at doc.rust-lang.org/cargo ride the trains now; the update is now available on the beta channel accessible at https://doc.rust-lang.org/beta/cargo/reference/manifest.html#package-metadata and therefore will be available at https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata with the next Rust release.

[wking]

There's a better 2.4 list (served as HTML) here. I'll file a PR switching to it later today.

[carols10cents]

@wking has updated crates.io to use the newer version of license-exprs that supports SPDX 3.0; so this issue is now only for updating cargo documentation to reflect as such.

[ehuss]

The link was recently updated to 3.6 in #7481. I'm going to close this as effectively done for now.