License check rejects FOSS license (in SPDX format)

[sellout]

I tried submitting a package with the license set to AGPL-3.0-only WITH Universal-FOSS-exception-1.0 OR LicenseRef-commercial and got the error “This server does not accept packages with 'license' field set to e.g. AllRightsReserved.” #710 talks about this message being misleading in some cases, but I figure in this case it actually determined the license is not FOSS for some reason.

I get that it’s not a trivial license[^1], but

1. the OR means that only one side needs to apply, so LicenseRef-commercial can be ignored, leaving AGPL-3.0-only WITH Universal-FOSS-exception-1.0
2. I’m not sure exactly how to handle WITH – SPDX makes it easy to determine if a license is FSF or OSI approved, but there’s no equivalent for exceptions – my inclination would be to accept them by default, and reject specific problematic ones as you come across them. Universal-FOSS-exception-1.0 gives additional rights, so I think shouldn’t be rejected.

[^1]: I have another package I’m about to publish with the slightly more complex (AGPL-3.0-only WITH Universal-FOSS-exception-1.0 OR LicenseRef-commercial) AND BSD-3-Clause license. This one should also pass, IMO, since it can effectively be reduced to AGPL-3.0-only AND BSD-3-Clause (with the whitelisting proposal I made above).