possible useful background information

[armijnhemel]

You might be interested to read the work that was presented at ASE2014:

https://rebels.cs.uwaterloo.ca/papers/ase2014_vanderburg.pdf
https://rebels.cs.uwaterloo.ca/confpaper/2014/09/14/tracing-software-build-processes-to-uncover-license-compliance-inconsistencies.html

[zvr]

Sure, Armijn, I remember that.
I had also presented at some point a way to have licensing information copied from sources to objects, so that the final binaries have some information embedded.

Everything old is new again -- now people discuss it again in the context of SBOMs.