From 3be76d1421fdd4eed619a045c07fcd738a4757fb Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Fri, 19 Jul 2024 14:19:11 -0700 Subject: [PATCH] lower license score alert threshold to 9 When the threshold was introduced, the license check was a boolean check: 0 points for no license, and 10 points with a license. This later changed as covered in https://github.com/ossf/scorecard/issues/1369 As the last point relies on SPDX detection, it's often flaky. Lowering the threshold allows us to still warn if a license isn't detected but not expect perfection. Signed-off-by: Spencer Schrock --- policies/template.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/template.yml b/policies/template.yml index dd6bdc88..a59482bf 100644 --- a/policies/template.yml +++ b/policies/template.yml @@ -27,7 +27,7 @@ policies: score: 10 mode: enforced License: - score: 10 + score: 9 mode: enforced Pinned-Dependencies: score: 10
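Review bot: the License entry in policies/template.yml now reads `score: 9` while the neighbouring checks in the same hunk stay at `score: 10`, and nothing in the file records why this one differs. A one-line YAML comment above the License score, pointing to https://github.com/ossf/scorecard/issues/1369 and noting that the last point depends on SPDX detection, would keep a later editor from "correcting" it back to 10. Because `mode: enforced` is unchanged, it is also worth stating in the commit message whether a score of exactly 9 passes or alerts: the stated goal of still warning when no license is detected, without expecting perfection, only holds if the comparison alerts on scores below the threshold and not on scores equal to it.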