A recent scan of bunkerweb-1.5.8.tar.gz which was downloaded from
https://github.com/bunkerity/bunkerweb/archive/refs/tags/v1.5.8.tar.gz
resulted in a declared license of bsd-new, even though the project is clearly licensed under agpl-3.0 see
https://github.com/bunkerity/bunkerweb/blob/master/LICENSE.md
It appears that the bsd-new detection came from this file
bunkerweb-1.5.8/src/deps/src/libinjection/COPYING
which relates to the libinjection library used by the project
It seems to me that lower-level license statements (note that this COPYING file is in the /deps/src/ directory) should not influence the assignment of a declared license.
Scan results attached.
bunkerweb-1.5.8.tar.gz_scan.zip
A recent scan of bunkerweb-1.5.8.tar.gz which was downloaded from
https://github.com/bunkerity/bunkerweb/archive/refs/tags/v1.5.8.tar.gz
resulted in a declared license of bsd-new, even though the project is clearly licensed under agpl-3.0 see
https://github.com/bunkerity/bunkerweb/blob/master/LICENSE.md
It appears that the bsd-new detection came from this file
bunkerweb-1.5.8/src/deps/src/libinjection/COPYING
which relates to the libinjection library used by the project
It seems to me that lower-level license statements (note that this COPYING file is in the /deps/src/ directory) should not influence the assignment of a declared license.
Scan results attached.
bunkerweb-1.5.8.tar.gz_scan.zip