I tried submitting a package with the license set to AGPL-3.0-only WITH Universal-FOSS-exception-1.0 OR LicenseRef-commercial and got the error “This server does not accept packages with 'license' field set to e.g. AllRightsReserved.” #710 talks about this message being misleading in some cases, but I figure in this case it actually determined the license is not FOSS for some reason.

I get that it’s not a trivial license¹, but

1. the OR means that only one side needs to apply, so LicenseRef-commercial can be ignored, leaving AGPL-3.0-only WITH Universal-FOSS-exception-1.0
2. I’m not sure exactly how to handle WITH – SPDX makes it easy to determine if a license is FSF or OSI approved, but there’s no equivalent for exceptions – my inclination would be to accept them by default, and reject specific problematic ones as you come across them. Universal-FOSS-exception-1.0 gives additional rights, so I think shouldn’t be rejected.