# Legal Report

Package:  cockpit-bootloader
Checkout: 740d053d9e1ad6c91265703cadb711b44b8ae6861afff9117b1ea75cd11c16c2
Unpacked: 295480 files (540MiB)



## System Notice

Manual review is required because no previous reports are available



## Licenses

**Warning** Elevated risk, package might contain incompatible licenses: GPL-2.0-only, Apache-2.0


Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false
positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to
existing license patterns, the higher the risk will climb above the predicted license.


### Risk 9 (Unknown)

* `node_modules.obscpio._/package._261/LICENSE.md`: 29.4% similarity to "Volatility-1.0", estimated risk 8
* `node_modules.obscpio._/package._317/LICENSE.md`: 33% similarity to "MIT", estimated risk 6
* `vendor/vendor/crc-catalog-2.4.0/README.processed.md`: 48.1% similarity to "MIT + Apache-2.0", estimated risk 5
* `vendor/vendor/whoami-1.6.1/README.processed.md`: 46.4% similarity to "BSL-1.0 OR Apache-2.0", estimated risk 5
* `vendor/vendor/zerocopy-0.8.31/win-cargo.bat`: 46.3% similarity to "Apache-2.0 OR MIT", estimated risk 5
* `node_modules.obscpio._/package._9/license`: 66.6% similarity to "MIT", estimated risk 4
* `vendor/vendor/chrono-0.4.42/README.md`: 85.6% similarity to "Apache-2.0 OR MIT", estimated risk 4
* `vendor/vendor/flume-0.11.1/tests/golang.rs`: 58.6% similarity to "BSD-3-Clause", estimated risk 4
* `vendor/vendor/hashlink-0.10.0/README.md`: 67.1% similarity to "MIT OR Apache-2.0", estimated risk 4
* `vendor/vendor/libm-0.2.15/README.md`: 82.1% similarity to "MIT OR Apache-2.0", estimated risk 4
* `vendor/vendor/proc-macro-crate-3.4.0/README.processed.md`: 82.4% similarity to "Apache-2.0 OR MIT", estimated risk 4
* `vendor/vendor/proc-macro-crate-3.4.0/src/lib.processed.rs`: 88.9% similarity to "Apache-2.0 OR MIT", estimated risk 4
* `vendor/vendor/regex-1.12.2/README.md`: 63.8% similarity to "Apache-2.0 OR MIT", estimated risk 4
* `vendor/vendor/tracing-subscriber-0.3.20/src/fmt/time/datetime.rs`: 69.4% similarity to "MIT", estimated risk 4
* `vendor/vendor/zeroize-1.8.2/README.md`: 68.7% similarity to "Apache-2.0 OR MIT", estimated risk 4
* `vendor/vendor/libm-0.2.15/LICENSE.txt`: 94.8% similarity to "Apache-2.0", estimated risk 3
* `vendor/vendor/futures-util-0.3.31/README.md`: 92.3% similarity to "Apache-2.0 OR MIT", estimated risk 2
* `vendor/vendor/android_system_properties-0.1.5/CONTRIBUTING.processed.md`: 96.2% similarity to "MIT OR Apache-2.0", estimated risk 1
* `vendor/vendor/async-recursion-1.1.1/src/lib.rs`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/block-buffer-0.10.4/README.processed.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/const-oid-0.9.6/README.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/flume-0.11.1/README.processed.md`: 94.5% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/pem-rfc7468-0.7.0/README.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/signature-2.2.0/README.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/toml_datetime-0.7.3/README.md`: 100% similarity to "Apache-2.0 OR MIT", estimated risk 1
* `vendor/vendor/uuid-1.18.1/README.md`: 94.6% similarity to "Apache-2.0 OR MIT", estimated risk 1


### Risk 4 (High)

* Any CLA: 1 file



### Risk 3 (Low)

* Any no warranty: 1 file
* Apache-2.0: 648 files
* Apache-2.0 WITH LLVM-exception: 4 files
* BSD-3-Clause: 7 files
* CC-BY-SA-4.0: 6 files
* GPL-Unspecified: 2 files
* MPL-Unspecified: 1 file



### Risk 2 (Low)

* All Rights Reserved: 118 files
* Any reference local: 840 files
* BSD-2-Clause: 15 files
* BSD-Unspecified: 10 files
* CC-BY-4.0: 1 file
* CC0-1.0: 1 file
* LGPL-Unspecified: 2 files
* MIT: 1 file
* Unicode-TOU: 43 files



### Risk 1 (Low)

* 0BSD: 9 files
* Any Permissive: 37 files
* Any copyright: 3 files
* Any distributed with: 1 file
* Any floating warranty: 4 files
* Any keep notice: 13 files
* Any reference local: 34 files
* Apache-2.0 OR MIT: 129 files
* BSD-2-Clause: 43 files
* BSD-3-Clause: 35 files
* BSD-Unspecified: 1 file
* BSL-1.0: 2 files
* BSL-1.0 OR Apache-2.0: 1 file
* CC0-1.0: 11 files
* GPL-2.0-only OR MIT: 1 file
* GPL-2.0-or-later OR MIT: 1 file
* ISC: 85 files
* LGPL-2.0-or-later: 1 file
* LGPL-2.1-only: 4 files
* LGPL-2.1-or-later: 6 files
* MIT: 1568 files
* MIT-0: 1 file
* MIT OR Apache-2.0: 925 files
* MIT OR BSD-2-Clause OR Apache-2.0: 266 files
* MIT OR Unlicense: 3 files
* Public-Domain: 10 files
* Python >=2.0.1: 1 file
* Unicode: 1 file
* Unicode-3.0: 18 files
* Unicode-DFS-2016: 2 files
* Unicode-TOU: 19 files
* Unlicense: 3 files
* W3C: 1 file
* Zlib: 8 files
* openSUSE specfile: 2 files



### Risk 0 (Low)

* Any CLA: 1 file
* Suse Copyright: 2 files



## About

This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.