Ability to exclude unpublished crates from dependency resolution #708

@Tastaturtaste

Is your feature request related to a problem? Please describe.
I have a workspace with some published and some unpublished crates. Today I know of no good way to check only the licenses of dependencies of actually published crates. I can set private.ignore = true in deny.toml, but that only excludes the unpublished crates themselves apparently. Running cargo deny check licenses still checks against the dependencies of those unpublished crates or at least includes them during dependency resolution.

Describe the solution you'd like
I want a straightforward way to check if the dependencies of crates I publish have matching licenses, without having to worry about dependencies I use in unpublished crates like examples. I imagine something like cargo deny check --exclude-dev --exclude-unpublished licenses should give the result I am after.

Describe alternatives you've considered
An alternative might be to use the behavior described above by default for crates that are publish = false. I am not sure if that is 100% backwards compatible as I don't know enough about how cargo does dependency resolution. My guess would be that it is.

Additional context
https://github.com/Tastaturtaste/argmin/tree/remove_cargo_deny_exception is the repository I have an issue with at the moment.
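
The resolution the request describes, sketched as an added example (not part of the issue and not cargo-deny's code): walk the resolve graph only from workspace members that are not `publish = false`, optionally skipping dev-only edges. The data is a constructed stand-in for `cargo metadata --format-version 1` output; the crate names, the use of names as package ids, and the helper `published_closure` are assumptions.

```python
from collections import deque

def pkg(pid, publish, license):
    return {"id": pid, "name": pid, "publish": publish, "license": license}

def node(pid, *deps):
    # deps are (pkg_id, kind) pairs; kind is None (normal), "build" or "dev"
    return {"id": pid, "deps": [{"pkg": d, "dep_kinds": [{"kind": k}]} for d, k in deps]}

# Constructed stand-in for `cargo metadata --format-version 1` output,
# trimmed to the fields used below; all crate names are made up.
META = {
    "workspace_members": ["mylib", "mylib-examples"],
    "packages": [
        pkg("mylib", None, "MIT"),             # publish unset -> publishable
        pkg("mylib-examples", [], "MIT"),      # publish = false
        pkg("dep-a", None, "Apache-2.0"),
        pkg("dep-dev", None, "MPL-2.0"),
        pkg("dep-gpl", None, "GPL-3.0-only"),
    ],
    "resolve": {"nodes": [
        node("mylib", ("dep-a", None), ("dep-dev", "dev")),
        node("mylib-examples", ("mylib", None), ("dep-gpl", None)),
        node("dep-a"), node("dep-dev"), node("dep-gpl"),
    ]},
}

def published_closure(meta, exclude_dev=True):
    """Map name -> license for crates reachable from publishable members."""
    pkgs = {p["id"]: p for p in meta["packages"]}
    nodes = {n["id"]: n for n in meta["resolve"]["nodes"]}
    # cargo reports `publish = false` as an empty registry list, unset as null
    roots = [m for m in meta["workspace_members"] if pkgs[m]["publish"] != []]
    seen, queue = set(roots), deque(roots)
    while queue:
        for dep in nodes[queue.popleft()]["deps"]:
            kinds = {k["kind"] for k in dep["dep_kinds"]}
            if exclude_dev and kinds == {"dev"}:
                continue  # edge exists only as a dev-dependency
            if dep["pkg"] not in seen:
                seen.add(dep["pkg"])
                queue.append(dep["pkg"])
    return {pkgs[i]["name"]: pkgs[i]["license"] for i in sorted(seen)}

if __name__ == "__main__":
    for name, lic in published_closure(META).items():
        print(f"{name}: {lic}")
```

In this constructed workspace the GPL-licensed dependency is pulled in only by the unpublished examples crate, so it never enters the set that a license check of the published crates would need to cover.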
