# Pastebin YqdnDG5T Hello everyone, I'm trying to improve the Yocto Project's license tracing based on a proof-of concept implementation of linking sources with SPDX headers to output files by Richard at http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=rpurdie/license-experiments-osls. The code in package.bbclass creates a list of SPDX headers found for the sources that make up a given set of binaries that make up an individual package using debug symbols to map sources to the binaries. This is then compared with the license field of the given package containing those binaries. Due to some mismatches, warnings pop up during the build. Below are some few sample warnings and I'm aware of false positives; WARNING: glibc-2.32-r0 do_package: License for package nscd is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package sln is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package ldconfig is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package glibc is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package glibc-staticdev is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: libcap-ng-0.8-r0 do_package: License for package libcap-ng is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2+ & LGPLv2.1+ WARNING: libtirpc-1.2.6-r0 do_package: License for package libtirpc is {'GPL-2.0 WITH Linux-syscall-note'} vs BSD-3-Clause WARNING: ptest-runner-2.4.0+gitAUTOINC+834670317b-r0 do_package: License for package ptest-runner is {'GPL-2.0-or-later'} vs GPLv2+ WARNING: libcap-2.44-r0 do_package: License for package libcap is {'GPL-2.0 WITH Linux-syscall-note'} vs BSD | GPLv2 WARNING: libcap-2.44-r0 do_package: License for package libcap-staticdev is {'GPL-2.0 WITH Linux-syscall-note'} vs BSD | GPLv2 WARNING: openssl-1.1.1h-r0 do_package: License for package openssl-engines is {'GPL-2.0 WITH Linux-syscall-note', 'GPL-2.0+ WITH Linux-syscall-note'} vs openssl Any suggestions on improvements I can make to this functionality?