From 9a8382cf570afbe7f9c4267f9a293ecc189f23aa Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 16 Nov 2021 13:24:18 +0200
Subject: chore: add config for `cargo deny` This allows `cargo deny check` to finish cleanly. The configuration NEEDS to be improved: currently it silently allows things like vulnerable dependencies. However, let's introduce the configuration this way and tighten it up later. This will us at least get started with using `cargo deny` without landing a large amount of works in our laps at once. Sponsored-by: author
---
deny.toml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 deny.toml
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..060738d
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,31 @@
+[advisories]
+vulnerability = "allow"
+unmaintained = "warn"
+unsound = "warn"
+yanked = "allow"
+notice = "warn"
+severity-threshold = "medium"
+
+[licenses]
+unlicensed = "deny"
+allow = [
+ "Apache-2.0",
+ "BSD-3-Clause",
+ "MIT",
+ "MIT-0",
+]
+copyleft = "warn"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.8
+exceptions = [
+ { allow = ["GPL-3.0"], name = "roadmap" },
+]
+
+[licenses.private]
+ignore = false
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
--
cgit v1.2.1
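Review bot: `vulnerability = "allow"` and `yanked = "allow"` under `[advisories]` let `cargo deny check` pass without reporting a dependency that has a known RustSec advisory or a yanked version, so the check gives no supply-chain signal until the promised follow-up lands. Setting both to `"warn"` should keep the run passing while still printing the findings (as far as I know, warn-level results do not fail the check unless warnings are promoted to errors). The tighter form is `vulnerability = "deny"` plus an `ignore = ["RUSTSEC-<id>"]` list (placeholder id) naming only the advisories hit today, so that any new advisory fails the check. The intent to tighten is recorded only in the commit message; a comment above the table such as `# TODO: temporary; switch vulnerability/yanked to "deny" once current findings are triaged` would keep it visible in the file. `wildcards = "allow"` under `[bans]` is similarly permissive and could be `"warn"`.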