# Legal Report Package: hauler Checkout: 69ca5e4eeaa159ce0bdff54247d71066c5232b5116aa44fe4da074b6d950d2d7 Unpacked: 17160 files (4.6GiB) ## Licenses **Warning** Elevated risk, package might contain incompatible licenses: GPL-2.0-only, Apache-2.0 Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license. ### Risk 9 (Unknown) * `vendor/github.com/sorairolake/lzip-go/README.md`: 36.1% similarity to "Apache-2.0", estimated risk 7 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/cms.processed.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/crl.1ssl`: 47% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/ecparam.1ssl`: 46.7% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/engine.1ssl`: 56.6% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/genpkey.1ssl`: 45.5% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/genrsa.processed.1ssl`: 47.1% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/rehash.1ssl`: 45.1% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/ts.1ssl`: 46.4% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man7/ct.7ssl`: 56.7% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man7/x509.7ssl`: 46.8% similarity to "OpenSSL", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/9ff2acc3204b4093126adab3fed72de8f7bbfe332255b199c30b8b185fcf6923._/usr/share/base-files/motd`: 43.1% similarity to "LGPL-2.0-or-later", estimated risk 6 * `vendor/github.com/mikelolasagasti/xz/README.md`: 33.8% similarity to "0BSD", estimated risk 6 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/doc/libc6/copyright`: 53.4% similarity to "IETF", estimated risk 5 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/ec.1ssl`: 59.6% similarity to "OpenSSL", estimated risk 5 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/errstr.1ssl`: 59.7% similarity to "OpenSSL", estimated risk 5 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/list.1ssl`: 63% similarity to "OpenSSL", estimated risk 5 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/ocsp.processed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/pkeyparam.1ssl`: 59.1% similarity to "OpenSSL", estimated risk 5 * `hauler-1.4.1/testdata/haul/blobs/sha256/69e2f037cdb30c8d329b17dad42cd9d92a45d93c17e6699650b23c55eceacb5f._/usr/share/man/man1/speed.1ssl`: 60% similarity to "OpenSSL", estimated risk 5 * `vendor/github.com/docker/cli/NOTICE`: 86.4% similarity to "Any floating warranty", estimated risk 4 * `vendor/sigs.k8s.io/json/LICENSE`: 96.6% similarity to "Apache-2.0", estimated risk 3 ### Risk 5 (High) * Any EULA: 1 file ### Risk 4 (High) * MPL-1.0: 1 file * MPL-1.1: 1 file ### Risk 3 (Low) * Any CLA: 2 files * Any Copyleft: 1 file * Any Patent: 2 files * Any reciprocal clause: 1 file * Any reference local: 1 file * Any reference remote: 2 files * Apache-2.0: 5433 files * Apache-2.0 AND CC-BY-4.0: 1 file * Apache-2.0 AND CC-BY-SA-4.0: 1 file * Apache-2.0 AND MIT: 2 files * BSD-3-Clause: 36 files * CC-BY-SA-4.0: 1 file * GPL-Unspecified: 3 files * LGPL Unspecified: 2 files * MPL-1.1: 1 file * MPL-2.0: 20 files * Oasis Spec Docs: 3 files * OpenSSL: 7 files ### Risk 2 (Low) * All Rights Reserved: 321 files * Any floating warranty: 3 files * Any permissive keep free: 1 file * Any reference local: 36 files * BSD-Unspecified: 1376 files * CC-BY-4.0: 7 files * CC-BY-SA-4.0: 2 files * ClArtistic: 1 file * GFDL-1.3-only: 1 file * GPL-1.0-or-later: 1 file * GPL-2.0-only: 1 file * GPL-2.0-or-later: 4 files * GPL-3.0-or-later: 1 file * IETF: 1 file * LGPL-3.0-or-later: 1 file * OpenSSL: 2 files * XFree86: 1 file * bzip2-1.0.6: 1 file * regex: 1 file ### Risk 1 (Low) * 0BSD: 1 file * Any CLA: 12 files * Any Permissive: 14 files * Any copyright: 2 files * Any distributed with: 5 files * Any floating warranty: 3 files * Any reference local: 249 files * Apache-2.0: 2 files * Apache-2.0 OR MIT: 10 files * BSD-2-Clause: 35 files * BSD-3-Clause: 118 files * DCO: 5 files * GFDL-1.2-only: 1 file * ISC: 25 files * LGPL-2.0-or-later: 1 file * LGPL-2.1-or-later: 3 files * MIT: 378 files * Public-Domain: 15 files * Zlib: 1 file * openSUSE specfile: 1 file ### Risk 0 (Low) * SUSE-FSF: 5 files * Suse Copyright: 15 files ## About This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.