Package: licenserecon Version: 1.14 Severity: wishlist licenserecon detects licenses mentioned in passing in the header as being the license the file is released under.
For example, privacybrowser displays the following: $ lrc en: Versions: recon 1.14 check 3.3.9-1 Parsing Source Tree .... Reading copyright .... Running licensecheck .... d/copyright | licensecheck GFDL-NIV-1.3+ | GFDL-1.3+ doc/index.docbook GPL-3+ | Apache-2.0 and/or GPL-3+ src/icons/javascript-warning.svg GPL-3+ | Apache-2.0 and/or GPL-3+ src/icons/privacybrowser-symbolic.svg GPL-3+ | Apache-2.0 and/or GPL-3+ src/icons/privacy-mode.svg GPL-3+ | Apache-2.0 and/or GPL-3+ src/icons/sc-apps-privacybrowser.svg Looking at the source of these packages show that elements of the .svg were taken from other graphics released under the Apache 2.0 license, but that the actual graphic in this file is only available under the GPL-3+. https://salsa.debian.org/soren/privacybrowser/-/blob/master/src/icons/javascript-warning.svg?ref_type=heads&plain=1 This might not be a scenario that is possible to accurately handle in an automated fashion. Although not a majority experience, it is also not uncommon for files to contain elements that were borrowed from other files under a different license, which is credited in the header, but for the combined file to only be available under a different license.
