[Bug 2104867] [NEW] Degradation of valid SPDX license identifiers

Claudio Matsuoka 2104867 at bugs.launchpad.net
Fri Mar 28 03:54:35 UTC 2025 

Public bug reported:

Ubuntu release: 24.04.2 LTS

Package version: 3.3.9-1ubuntu1

Current behavior:

When using --shortname-scheme=spdx, licensecheck converts valid AGPL,
GPL and LGPL SPDX license identifiers to non-SPDX license names
(according to the SPDX License List 3.26.0), removing relevant
information that cannot be recovered from the extracted license name:

AGPL-1.0-only     becomes AGPL-1.0
AGPL-1.0-or-later becomes AGPL-1.0
AGPL-3.0-only     becomes AGPLv3
AGPL-3.0-or-later becomes AGPLv3
GPL-1.0-only      becomes GPL-1.0
GPL-1.0-or-later  becomes GPL-1.0
GPL-2.0-only      becomes GPL-2
GPL-2.0-or-later  becomes GPL-2
GPL-3.0-only      becomes GPL-3
GPL-3.0-or-later  becomes GPL-3
LGPL-2.0-only     becomes LGPL-2
LGPL-2.0-or-later becomes LGPL-2
LGPL-2.1-only     becomes LGPL-2.1
LGPL-2.1-or-later becomes LGPL-2.1
LGPL-3.0-only     becomes LGPL-3
LGPL-3.0-or-later becomes LGPL-3

Additionally, when a composite license expression (such as GPL-2.0-or-
later OR MIT) is supplied, only the first license is recognized and
presented in degraded form.


Expected behavior:

Llicensecheck --shortname-scheme=spdx should keep the original license
name if it matches a valid SPDX license identifier.

** Affects: licensecheck (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to licensecheck in Ubuntu.
https://bugs.launchpad.net/bugs/2104867

Title:
  Degradation of valid SPDX license identifiers

Status in licensecheck package in Ubuntu:
  New

Bug description:
  Ubuntu release: 24.04.2 LTS

  Package version: 3.3.9-1ubuntu1

  Current behavior:

  When using --shortname-scheme=spdx, licensecheck converts valid AGPL,
  GPL and LGPL SPDX license identifiers to non-SPDX license names
  (according to the SPDX License List 3.26.0), removing relevant
  information that cannot be recovered from the extracted license name:

  AGPL-1.0-only     becomes AGPL-1.0
  AGPL-1.0-or-later becomes AGPL-1.0
  AGPL-3.0-only     becomes AGPLv3
  AGPL-3.0-or-later becomes AGPLv3
  GPL-1.0-only      becomes GPL-1.0
  GPL-1.0-or-later  becomes GPL-1.0
  GPL-2.0-only      becomes GPL-2
  GPL-2.0-or-later  becomes GPL-2
  GPL-3.0-only      becomes GPL-3
  GPL-3.0-or-later  becomes GPL-3
  LGPL-2.0-only     becomes LGPL-2
  LGPL-2.0-or-later becomes LGPL-2
  LGPL-2.1-only     becomes LGPL-2.1
  LGPL-2.1-or-later becomes LGPL-2.1
  LGPL-3.0-only     becomes LGPL-3
  LGPL-3.0-or-later becomes LGPL-3

  Additionally, when a composite license expression (such as GPL-2.0-or-
  later OR MIT) is supplied, only the first license is recognized and
  presented in degraded form.

  
  Expected behavior:

  Llicensecheck --shortname-scheme=spdx should keep the original license
  name if it matches a valid SPDX license identifier.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/licensecheck/+bug/2104867/+subscriptions

More information about the foundations-bugs mailing list