Incorrect declared license pulled by tooling

[ariel11]

For the pillow packages, the tooling seems to think the declared license is CAL-1.0, even though the tooling identified the LICENSE as something else.

Not sure where the crawler is pulling CAL-1.0 from but that is incorrect - e.g. https://clearlydefined.io/definitions/pypi/pypi/-/pillow/8.2.0

FYI @peggymoloney

[ariel11]

This is still happening - https://clearlydefined.io/definitions/pypi/pypi/-/pillow/8.3.0

[qtomlinson]

After syncing and rebuilding my local dev environment, response from http://localhost:4000/definitions/pypi/pypi/-/pillow/8.2.0 still showed license.declared as "CAL-1.0"

[qtomlinson]

@ariel11 @capfei This seems to be a duplicate of #519. Could you please confirm? CAL-1.0 for https://clearlydefined.io/definitions/pypi/pypi/-/pillow/9.4.0. Discussion on root cause, see #519 (comment)

[ariel11]

@qtomlinson - agree they look like the same issue.

[ariel11]

This package has the same issue with "CAL-1.0" being the declared license finding, which is wrong - https://clearlydefined.io/definitions/pypi/pypi/-/matplotlib/3.9.2

[qtomlinson]

Current PR on parsing precedence from info.license and info.classifier does not help this case: pypi/pypi/-/matplotlib/3.9.2

• from registryData:

  • from the info.classifier, spdxCorrect('Python Software Foundation License') yield null
  • from the info.license, spdxCorrect yields 'CAL-1.0'

• from scancode, v30 yields NOASSERTION, may want to test v32.