
License causing enterprise scanning software issues #159

Open
calebdwilliams opened this issue May 8, 2023 · 4 comments

Comments

@calebdwilliams (Author)

The WTFPL is not recognized by some enterprise-level scanning tools (like Mend) as an allowable license. I realize this is more likely than not an issue with my company's configuration of that software/legal requirements, but figured it wouldn't hurt to create an issue.

If this is something you're willing to resolve, any commonly-recognized permissible public license should work for us. If not, feel free to mark this as wontfix and I'll find another solution.

@voxpelli commented May 8, 2023

It is dual licensed under BSD as well, Mend should recognize that? Maybe Mend doesn't correctly understand dual licenses? Or the SPDX syntax here is wrong?

@calebdwilliams (Author)

It recognizes both licenses, but since the latter is a banned license it gets marked as a disallowed dependency. I'm honestly not sure if this is a problem with the dual license, Mend or our internal settings, just passing along the problem with as much info as I can.

For my part, I was able to remediate this by marking this package as a peer and dev dependency, but that's not really what I was hoping to do.

@voxpelli commented May 8, 2023

That’s the wrong logic by Mend. As long as any of the licenses in a dual licensed project is okay the dependency should be deemed okay.
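The rule voxpelli states above (with OR, any acceptable alternative is enough; with AND, every part must be acceptable) is exactly what an SPDX license expression encodes, and AND binds tighter than OR. As an added example that is not part of the issue thread or of the project's code, here is a small JavaScript evaluator for SPDX expressions against an allow-list, contrasted with the naive "flag if any banned identifier appears anywhere" check that produces the result described earlier in the thread. The allow-list, the banned list and the sample expressions are constructed for illustration; the package's actual license field is not shown on this page and is only assumed here.

```javascript
// Added example (not the project's own code and not Mend's logic): evaluate an
// SPDX license expression against an allow-list. "A OR B" is acceptable when
// either alternative is, "A AND B" only when both are. All policy sets and
// expressions below are constructed; the real license field is an assumption.

// Split an SPDX expression into parentheses and identifiers. Identifiers use
// the SPDX id character set (letters, digits, '.', '-', '+'). The sticky flag
// anchors each match so stray characters such as '/' are rejected, not skipped.
function tokenize(expr) {
  const re = /\s*(\(|\)|[A-Za-z0-9.+-]+)/y;
  const tokens = [];
  let consumed = 0;
  let m;
  while ((m = re.exec(expr)) !== null) {
    tokens.push(m[1]);
    consumed = re.lastIndex;
  }
  if (expr.slice(consumed).trim() !== '') {
    throw new Error(`invalid SPDX expression near: ${expr.slice(consumed).trim()}`);
  }
  return tokens;
}

// Recursive-descent parser: OR is the lowest-precedence operator, AND binds
// tighter, parentheses override. Keywords are accepted case-insensitively here.
function parse(tokens) {
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  const isKeyword = (tok, kw) => tok !== undefined && tok.toUpperCase() === kw;

  function parsePrimary() {
    const tok = next();
    if (tok === undefined) throw new Error('unexpected end of expression');
    if (tok === '(') {
      const inner = parseOr();
      if (next() !== ')') throw new Error('missing closing parenthesis');
      return inner;
    }
    if (tok === ')' || isKeyword(tok, 'AND') || isKeyword(tok, 'OR')) {
      throw new Error(`unexpected token ${tok}`);
    }
    return { type: 'license', id: tok };
  }
  function parseAnd() {
    let left = parsePrimary();
    while (isKeyword(peek(), 'AND')) {
      next();
      left = { type: 'and', left, right: parsePrimary() };
    }
    return left;
  }
  function parseOr() {
    let left = parseAnd();
    while (isKeyword(peek(), 'OR')) {
      next();
      left = { type: 'or', left, right: parseAnd() };
    }
    return left;
  }
  const tree = parseOr();
  if (pos !== tokens.length) throw new Error(`trailing tokens after ${tokens[pos - 1]}`);
  return tree;
}

// Correct policy semantics: AND needs both sides allowed, OR needs either.
function isAllowed(node, allowed) {
  switch (node.type) {
    case 'license': return allowed.has(node.id);
    case 'and': return isAllowed(node.left, allowed) && isAllowed(node.right, allowed);
    case 'or': return isAllowed(node.left, allowed) || isAllowed(node.right, allowed);
    default: throw new Error(`unknown node type ${node.type}`);
  }
}

// Collect every license identifier mentioned, ignoring the operators.
function licenseIds(node, out = new Set()) {
  if (node.type === 'license') out.add(node.id);
  else { licenseIds(node.left, out); licenseIds(node.right, out); }
  return out;
}

function evaluatePolicy(expr, allowed) {
  return isAllowed(parse(tokenize(expr)), allowed);
}

// The behaviour reported in the thread: reject as soon as a banned identifier
// appears anywhere in the expression, which wrongly fails "WTFPL OR BSD-2-Clause".
function naiveMentionsBanned(expr, banned) {
  return [...licenseIds(parse(tokenize(expr)))].some((id) => banned.has(id));
}

// Constructed policy: WTFPL banned, MIT/BSD/Apache allowed (assumption, not Mend's defaults).
const ALLOWED = new Set(['MIT', 'BSD-2-Clause', 'BSD-3-Clause', 'Apache-2.0']);
const BANNED = new Set(['WTFPL']);

// Constructed expressions; the first one stands in for the dual license discussed above.
const SAMPLES = [
  'WTFPL OR BSD-2-Clause',            // acceptable: a BSD alternative exists
  'WTFPL AND BSD-2-Clause',           // not acceptable: both terms required
  '(MIT OR WTFPL) AND Apache-2.0',    // acceptable via MIT
  'MIT AND (WTFPL OR GPL-3.0-only)',  // not acceptable: neither alternative allowed
];

for (const expr of SAMPLES) {
  console.log(`${expr.padEnd(34)} correct=${evaluatePolicy(expr, ALLOWED)}` +
              ` naive-flagged=${naiveMentionsBanned(expr, BANNED)}`);
}
```

The first sample is the case in this issue: the correct evaluation passes it because one alternative is on the allow-list, while the naive check flags it purely because WTFPL is mentioned. If a scanner reports the dual-licensed package as disallowed, the question to ask is which of the two rules it is applying, and whether the package's license field is a valid `A OR B` expression rather than, say, two separate fields.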

@calebdwilliams (Author)

That makes sense to me. I’ll try poking around to see what I can figure out there. Please feel free to close this if you’d like.
