pkg-perl-maintainers team mailing list archive

Thread
Date

[Bug 2104867] [NEW] Degradation of valid SPDX license identifiers

To: pkg-perl-maintainers@xxxxxxxxxxxxxxxxxxx
From: Claudio Matsuoka <2104867@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Mar 2025 04:00:31 -0000
Reply-to: Bug 2104867 <2104867@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Ubuntu release: 24.04.2 LTS

Package version: 3.3.9-1ubuntu1

Current behavior:

When using --shortname-scheme=spdx, licensecheck converts valid AGPL,
GPL and LGPL SPDX license identifiers to non-SPDX license names
(according to the SPDX License List 3.26.0), removing relevant
information that cannot be recovered from the extracted license name:

AGPL-1.0-only     becomes AGPL-1.0
AGPL-1.0-or-later becomes AGPL-1.0
AGPL-3.0-only     becomes AGPLv3
AGPL-3.0-or-later becomes AGPLv3
GPL-1.0-only      becomes GPL-1.0
GPL-1.0-or-later  becomes GPL-1.0
GPL-2.0-only      becomes GPL-2
GPL-2.0-or-later  becomes GPL-2
GPL-3.0-only      becomes GPL-3
GPL-3.0-or-later  becomes GPL-3
LGPL-2.0-only     becomes LGPL-2
LGPL-2.0-or-later becomes LGPL-2
LGPL-2.1-only     becomes LGPL-2.1
LGPL-2.1-or-later becomes LGPL-2.1
LGPL-3.0-only     becomes LGPL-3
LGPL-3.0-or-later becomes LGPL-3

Additionally, when a composite license expression (such as GPL-2.0-or-
later OR MIT) is supplied, only the first license is recognized and
presented in degraded form.


Expected behavior:

Llicensecheck --shortname-scheme=spdx should keep the original license
name if it matches a valid SPDX license identifier.

** Affects: licensecheck (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to licensecheck in Ubuntu.
https://bugs.launchpad.net/bugs/2104867

Title:
  Degradation of valid SPDX license identifiers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/licensecheck/+bug/2104867/+subscriptions