Change license validation behavior to logical OR

[hfhbd]

https://github.com/facebook/rocksdb is licensed under Apache 2 as well as GPLv2.
https://repo.maven.apache.org/maven2/org/rocksdb/rocksdbjni/7.2.2/rocksdbjni-7.2.2.pom

<licenses>
  <license>
    <name>Apache License 2.0</name>
    <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
    <distribution>repo</distribution>
  </license>
  <license>
    <name>GNU General Public License, version 2</name>
    <url>http://www.gnu.org/licenses/gpl-2.0.html</url>
    <distribution>repo</distribution>
  </license>
</licenses>

repro:

plugins {
    kotlin("jvm") version "1.7.0-RC"
    id("app.cash.licensee") version "1.3.1"
}

repositories {
    mavenCentral()
}

dependencies {
    implementation("org.rocksdb:rocksdbjni:7.2.2")
}

licensee {
    allow("Apache-2.0")
}

dual.zip

[JakeWharton]

Hmm it's not really clear as to whether this list is a logical AND or a logical OR. The pom specification doesn't say anything about it.

I believe in our real usage we have a dependency which uses it as a logical AND for both the code license as well as embedded font licenses.

Not quite sure how to handle this universally.

[hfhbd]

Hm, according to the definition, it is OR: https://maven.apache.org/ref/3.5.4/maven-model/maven.html

If multiple licenses are listed, it is assumed that the user can select any of them, not that they must accept all.

Source: https://opensource.stackexchange.com/questions/2890/what-is-the-meaning-of-two-licenses-in-a-maven-pom

[JakeWharton]

Nice find!

Okay I can work on changing the behavior of the library this week. I'll report issues upstream to the libraries I've seen using it as an AND.