Artifacts with Licensed score < 75 are accepted if overall is >= 75 #67

Open
lorthirk opened this issue May 27, 2021 · 1 comment

@lorthirk

It's my understanding, according to the Eclipse Handbook, that the Overall score should not play any role when deciding if an artifact has an approved license, but only the Licensed score should be considered. However, according to https://github.com/eclipse/dash-licenses/blob/d6eae6c70884faa4c8bcc33d7d4e63bb9a2ddc74/core/src/main/java/org/eclipse/dash/licenses/clearlydefined/ClearlyDefinedSupport.java#L136-L137, it seems that if an artifact has a Licensed score < 75 but an overall >= 75, it's indeed accepted by the tool. As an example, https://clearlydefined.io/definitions/maven/mavencentral/org.apache.camel/camel-core/3.10.0 is reported as Accepted:

...
maven/mavencentral/org.apache.camel/camel-core/3.10.0, Apache-2.0, approved, clearlydefined
...

Is this correct, or should we just consider the Licensed value?

@waynebeaton
Collaborator

My understanding of how I want to make the go/no-go decision is evolving. The documentation and the tool are (as you point out) a little out of sync because of this.

I'm finding that the scores aren't as useful as we'd originally hoped. The scores include factors that we don't really care about from a purely licensing point of view. It's the discovered licenses that are what's actually interesting. What you see in the code now is my attempt to be as forgiving as possible with regard to the score without just removing it completely.

The Apache Camel Core library you cite is, for example, completely fine despite what the relatively low license score suggests.

I do need to resolve this.
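
The following is an added example, not code from dash-licenses or from either commenter. It compares the Licensed-only rule with the Licensed-or-Overall rule described in this issue and lists the components that pass only because of the overall score, so they can be reviewed by hand. It assumes ClearlyDefined definition records expose the Licensed score as `licensed.score.total` and the overall score as `scores.effective`; the component names and score values are constructed, and the check of the declared license against an approved list is left out.

```python
import json

THRESHOLD = 75  # the cut-off quoted in the issue

# Constructed sample records shaped like ClearlyDefined definitions.
# Field names are an assumption about that format; the scores are made up.
SAMPLE = json.loads("""
[
  {"id": "maven/mavencentral/org.example/lib-a/1.0.0",
   "licensed": {"declared": "Apache-2.0", "score": {"total": 90}},
   "scores": {"effective": 92}},
  {"id": "maven/mavencentral/org.example/lib-b/2.1.0",
   "licensed": {"declared": "Apache-2.0", "score": {"total": 60}},
   "scores": {"effective": 80}},
  {"id": "maven/mavencentral/org.example/lib-c/0.3.0",
   "licensed": {"declared": "MIT", "score": {"total": 40}},
   "scores": {"effective": 55}},
  {"id": "maven/mavencentral/org.example/lib-d/4.0.0",
   "licensed": {"declared": "EPL-2.0"},
   "scores": {"effective": 78}}
]
""")

def scores(defn):
    """Return (licensed, overall); a missing score counts as 0."""
    licensed = defn.get("licensed", {}).get("score", {}).get("total", 0)
    overall = defn.get("scores", {}).get("effective", 0)
    return licensed, overall

def licensed_only(defn):
    """Rule as the issue author reads the handbook: Licensed score alone."""
    return scores(defn)[0] >= THRESHOLD

def licensed_or_overall(defn):
    """Rule as the issue describes the tool: either score may pass."""
    licensed, overall = scores(defn)
    return licensed >= THRESHOLD or overall >= THRESHOLD

def accepted_only_via_overall(definitions):
    """Ids that the lenient rule accepts and the strict rule rejects."""
    return [d["id"] for d in definitions
            if licensed_or_overall(d) and not licensed_only(d)]

if __name__ == "__main__":
    for cid in accepted_only_via_overall(SAMPLE):
        print("review manually:", cid)
```

A record with no Licensed score at all (the constructed `lib-d`) is treated as 0, so it is flagged rather than silently passing on the overall score.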
