From 0607c511cc8f209349eb0288b832fa9435d0b01c Mon Sep 17 00:00:00 2001
From: Ethan Uppal <113849268+ethanuppal@users.noreply.github.com>
Date: Tue, 4 Feb 2025 23:15:27 -0500
Subject: [PATCH 1/4] chore(license): Setup `cargo-deny`

---
 README.md                           | 5 +++++
 deny.toml                           | 9 +++++++++
 examples/spade-project/Cargo.toml   | 4 ++--
 examples/verilog-project/Cargo.toml | 2 +-
 4 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 deny.toml

diff --git a/README.md b/README.md
index 9386e71..c29674d 100644
--- a/README.md
+++ b/README.md
@@ -95,3 +95,8 @@ similar to the Lesser GNU Public License, except that the copyleft applies only
 to the source code of this library, not any library that uses it. That means you
 can statically or dynamically link with unfree code (see
 <https://www.mozilla.org/en-US/MPL/2.0/FAQ/#virality>).
+
+I use [`cargo-deny`](https://github.com/EmbarkStudios/cargo-deny) (see the
+[`deny.toml`](./deny.toml) to ensure no licensing violations occur. I also check
+this on CI to prevent merging any new dependencies or dependency updates that
+introduce incompatible licenses.
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..6065c46
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,9 @@
+[licenses]
+allow = ["MIT", "Apache-2.0", "MPL-2.0", "EUPL-1.2", "ISC", "Unicode-3.0"]
+exceptions = [
+    # we allow colog's LGPL because it is only used in GPL code
+    { allow = ["LGPL-3.0"], crate = "colog" },
+    { allow = ["GPL-3.0"], crate = "example-verilog-project" },
+    { allow = ["GPL-3.0"], crate = "example-spade-project" },
+]
+confidence-threshold = 1.0
diff --git a/examples/spade-project/Cargo.toml b/examples/spade-project/Cargo.toml
index 067fb88..892526d 100644
--- a/examples/spade-project/Cargo.toml
+++ b/examples/spade-project/Cargo.toml
@@ -7,13 +7,13 @@ rust-version.workspace = true
 description.workspace = true
 repository.workspace = true
 readme.workspace = true
-license.workspace = true
+license = "GPL-3.0"
 
 [[bin]]
 name = "simple_test"
 path = "test/simple_test.rs"
 
 [dependencies]
-colog.workspace = true
 snafu.workspace = true
+colog.workspace = true
 spade.workspace = true
diff --git a/examples/verilog-project/Cargo.toml b/examples/verilog-project/Cargo.toml
index f0d45f3..0355ad7 100644
--- a/examples/verilog-project/Cargo.toml
+++ b/examples/verilog-project/Cargo.toml
@@ -7,7 +7,7 @@ rust-version.workspace = true
 description.workspace = true
 repository.workspace = true
 readme.workspace = true
-license.workspace = true
+license = "GPL-3.0"
 
 [[bin]]
 name = "tutorial"

From 6453de11221f843da2bec86c813f6c8b6fdeb068 Mon Sep 17 00:00:00 2001
From: Ethan Uppal <113849268+ethanuppal@users.noreply.github.com>
Date: Tue, 4 Feb 2025 23:17:21 -0500
Subject: [PATCH 2/4] ci: Test cargo-deny in CI

---
 .github/workflows/cargo-deny.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/workflows/cargo-deny.yaml

diff --git a/.github/workflows/cargo-deny.yaml b/.github/workflows/cargo-deny.yaml
new file mode 100644
index 0000000..cb8e911
--- /dev/null
+++ b/.github/workflows/cargo-deny.yaml
@@ -0,0 +1,8 @@
+name: cargo-deny
+on: [push, pull_request]
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: EmbarkStudios/cargo-deny-action@v2

From 2c061b6d3e34646684fed674e25701873aa1a9cd Mon Sep 17 00:00:00 2001
From: Ethan Uppal <113849268+ethanuppal@users.noreply.github.com>
Date: Tue, 4 Feb 2025 23:18:22 -0500
Subject: [PATCH 3/4] docs: Add cargo-deny badge

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index c29674d..16de02d 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@
 
 [![CI Badge](https://github.com/ethanuppal/dumbname/actions/workflows/ci.yaml/badge.svg)](https://github.com/ethanuppal/dumbname/blob/main/.github/workflows/ci.yaml)
 [![Code Style Badge](https://github.com/ethanuppal/dumbname/actions/workflows/lint.yaml/badge.svg)](https://github.com/ethanuppal/dumbname/blob/main/.github/workflows/lint.yaml)
+[![cargo-deny badge](https://github.com/ethanuppal/dumbname/actions/workflows/cargo-deny.yaml/badge.svg)](https://github.com/ethanuppal/dumbname/blob/main/.github/workflows/cargo-deny.yaml)
 [![Lines of Code Badge](https://tokei.rs/b1/github/ethanuppal/dumbname?category=code)](https://github.com/ethanuppal/dumbname)
 
 > [!IMPORTANT]

From 220a8d1ae486238229c212f2a1711de33407434c Mon Sep 17 00:00:00 2001
From: Ethan Uppal <113849268+ethanuppal@users.noreply.github.com>
Date: Tue, 4 Feb 2025 23:21:55 -0500
Subject: [PATCH 4/4] docs: Update README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 16de02d..4799a6a 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ The TLDR is procedural macros + `dlopen`.
 that uses a build script to statically link in verilated bindings, but is
 unmaintained for years as of writing this.
 
-## License
+## 🔒 License & Legal
 
 dumbname is licensed under the Mozilla Public License 2.0. This license is
 similar to the Lesser GNU Public License, except that the copyleft applies only