bug with python packages?

[ariel11]

Came across (3) pypi packages with incorrect license info today.

• https://clearlydefined.io/definitions/pypi/pypi/-/PyInstaller/3.6/3.6 - tooling listed the declared license as GPLv3 when it is v2.
• https://clearlydefined.io/definitions/pypi/pypi/-/PyInstaller/3.4/3.4 (same as above)
• https://clearlydefined.io/definitions/pypi/pypi/-/pylint/2.3.0/2.3.0 - tooling listing GPL-1.0-or-later for many files and I am not sure where this is being pulled from. Many versions showing GPL-3.0-or-later for "declared" when the COPYING file is GPL-2.0 - https://clearlydefined.io/definitions/pypi/pypi/-/pylint/0.25.0,https://clearlydefined.io/definitions/pypi/pypi/-/pylint/2.3.1, etc.

[jeffmendoza]

Thanks for the report. We will need to look into if it is an issue from an underlying tool, or something the service is doing when calculating the "declared license" in the definition from the harvested data.

[royaljust]

Same issue with https://clearlydefined.io/definitions/pypi/pypi/-/dominate/2.5.1. GPLv3 reported as declared license even though it appears nowhere (all is LGPLv3).

[mpcen]

The bug is caused by a bug in a dependency. PR for fix is: jslicense/spdx-correct.js#34

[peggymoloney]

@nellshamrell - Found another one that incorrectly identified the component as GPL-v3 and should have been LGPL-v2.1 or later
https://clearlydefined.io/definitions/pypi/pypi/-/scp/0.13.3