z3z1ma / dbt-osmosis

Provides automated YAML management, a dbt server, streamlit workbench, and git-integrated dbt model output diff tools
https://z3z1ma.github.io/dbt-osmosis/
Apache License 2.0

Package has classifier "License :: Other/Proprietary License" - raising licensing flags for Sonatype #74

Closed snydergd closed 11 months ago

snydergd commented 11 months ago

We run all our components through Sonatype's quality checking tools automatically. It checks for known vulnerabilities, quality issues, and license issues. It is set up to block licenses that are not free, and it blocked this component for that reason, saying that it is proprietary (also lists Apache 2.0, which is confusing). Any time there is a license problem like this, we spend time to investigate before letting the component through - in this case using up a decent amount of time and delaying progress for us. I would imagine others probably have a similar setup. We can decide to move forward (probably will currently), but it is not ideal.

After some digging, it seems that it is because of the classifier on the PyPI package "License :: Other/Proprietary License". This was strange to see (even downloaded the whl and looked at it and it also showed the classifier), since pyproject.toml doesn't have that classifier, and has the license as Apache 2.0. Further digging revealed that maybe poetry adds that classifier if it doesn't recognize the value in the "License" field: https://github.com/python-poetry/poetry-core/blob/5d3abc51bb765d825f3162f34595d853b249a8eb/tests/spdx/test_license.py#L47

Based on poetry documentation, it looks like the way they expect this license to come through is "Apache-2.0" (with a dash).

TLDR; I think if the license value in pyproject.toml were updated in this way and the classifier didn't show up any more, it would clear the air so that organizations such as mine can use it more easily.

Note: We found the exact same thing with another package this morning and since all the same things still seem to apply to this one, I've copied and pasted the description from there: https://github.com/Bachmann1234/diff_cover/issues/353
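The check described in this report can be automated before a package is admitted, or before a maintainer publishes one: unpack the wheel's `METADATA`, read the `License` field and the `Classifier` entries, and flag the `License :: Other/Proprietary License` classifier or a non-SPDX license string such as `Apache 2.0` (the fix on the publishing side is `license = "Apache-2.0"` in pyproject.toml). The script below is an added example, not code from dbt-osmosis or from Sonatype; the two METADATA texts are constructed to mirror the before/after state in the issue, the `SPDX_IDS` allow-list is a deliberately short stand-in for the real SPDX list, and `audit_wheel` is a hypothetical helper for running the same audit on a real `.whl`.

```python
"""Audit wheel METADATA for license fields that trip policy scanners.

Added example (not dbt-osmosis code). The METADATA strings are constructed
to mirror the issue: pyproject.toml said "Apache 2.0" (no dash) and the
built wheel carried a "License :: Other/Proprietary License" classifier.
"""
import zipfile
from email.parser import HeaderParser

# Assumption: a short allow-list standing in for the full SPDX identifier list.
SPDX_IDS = {"Apache-2.0", "MIT", "BSD-2-Clause", "BSD-3-Clause",
            "GPL-3.0-only", "MPL-2.0"}
PROPRIETARY_CLASSIFIER = "License :: Other/Proprietary License"
OSI_PREFIX = "License :: OSI Approved"


def parse_metadata(text: str) -> dict:
    """Parse the RFC 822-style METADATA file into the fields the audit needs."""
    msg = HeaderParser().parsestr(text)
    return {
        "name": msg.get("Name"),
        "license": msg.get("License"),
        "classifiers": msg.get_all("Classifier") or [],
    }


def audit(meta: dict) -> list[str]:
    """Return human-readable findings; an empty list means the metadata is clean."""
    findings = []
    lic = meta["license"]
    classifiers = meta["classifiers"]
    proprietary = PROPRIETARY_CLASSIFIER in classifiers
    osi_approved = any(c.startswith(OSI_PREFIX) for c in classifiers)

    if proprietary:
        findings.append("proprietary classifier present: " + PROPRIETARY_CLASSIFIER)
    if lic and lic not in SPDX_IDS:
        findings.append(f"License field {lic!r} is not an SPDX identifier")
    if proprietary and osi_approved:
        findings.append("conflicting classifiers: OSI Approved and Proprietary")
    return findings


def audit_wheel(path: str) -> list[str]:
    """Hypothetical helper: audit a real .whl; METADATA sits in *.dist-info/."""
    with zipfile.ZipFile(path) as whl:
        member = next(n for n in whl.namelist() if n.endswith(".dist-info/METADATA"))
        return audit(parse_metadata(whl.read(member).decode("utf-8")))


# Constructed sample: the wheel as the reporter found it (license "Apache 2.0").
BEFORE = """\
Metadata-Version: 2.1
Name: example-package
Version: 0.1.0
License: Apache 2.0
Classifier: License :: Other/Proprietary License
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
"""

# Constructed sample: the wheel after pyproject.toml uses license = "Apache-2.0".
AFTER = """\
Metadata-Version: 2.1
Name: example-package
Version: 0.1.1
License: Apache-2.0
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_metadata(text)) or ["clean"])
```

Running the script reports three findings for the "before" metadata and none for the "after" metadata; the same `audit` function can be pointed at a downloaded wheel through `audit_wheel` so that a license problem is caught in a pre-admission check rather than discovered as a blocked build.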

z3z1ma commented 11 months ago

Made the fix and triggered a release, thanks for the callout! Interesting because I am pretty sure poetry was the one that put the license string there 🤷