License databases of SCTK and license-expression are out of sync #3954

Closed
stefan6419846 opened this issue Oct 21, 2024 · 2 comments
@stefan6419846

Description

With #3897, a new SPDX license list version has been added to SCTK, namely version 3.25.0. In the meantime, license-expression still uses version 3.23.0: https://github.com/aboutcode-org/license-expression/blob/main/src/license_expression/data/license_key_index.json.ABOUT

This possibly leads to unintended side effects, especially when SCTK will detect a license, but validation with license-expression fails as it does not know the SPDX ID.

System configuration

For bug reports, it really helps us to know:

  • What OS are you running on? (Windows/MacOS/Linux) Linux
  • What version of scancode-toolkit was used to generate the scan file? 32.3.0
  • What installation method was used to install/run scancode? (pip/source download/other) not relevant
@AyanSinhaMahapatra
Member

@stefan6419846 Thanks for the report!

I have:

  1. Updated license-expression with the latest licenses: "Update licenses with SPDX license list 3.25" (license-expression#104) (and merged "Update licensedb to 3.24", license-expression#102)
  2. Released a new version at https://pypi.org/project/license-expression/30.4.0/
  3. Updated Scancode with "Bump license-expression to v30.4.0" (#3960), so this is in latest develop now here

In the future we have to be more diligent about making these upgrades to avoid these unintended side effects of having different license lists in licensedb and license-expression. I have also added an issue at aboutcode-org/license-expression#103 to do this at least semi-automatically there and update the license-expression versions in scancode-toolkit and scancode.io soon after.

It is fine to keep this issue open till the next sctk release or you can close it if you want.

@stefan6419846
Author

Thanks for having a look at this. I agree that automating makes sense here.

I am going to close this issue for now as the auto-updates are tracked already and SCTK only defines a lower bound for license-expression which allows applying the package update already.

VarshaUN pushed a commit to VarshaUN/scancode-toolkit that referenced this issue Jan 11, 2025
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>

Signed-off-by: Jono Yang <[email protected]>

Signed-off-by: Jono Yang <[email protected]>

added support to parse labels in dockerfile

Signed-off-by: Varsha U N <[email protected]>