We should improve license rules "referenced_filenames" support.
Today we can follow the "referenced_filenames" of a matched license rule and assign the license of the referenced file to the match that referenced it.
For instance, with a match to an unknown-license-reference rule with the text "see license in license.txt", a detection would group this match and the match(es) in license.txt.
This works in some cases and not at all in some other cases. But in earnest, there are at least two different styles of file references that we are mixing up today:
1. The "See license in LICENSE file" style where the rule is for an unknown license (reference) and the file reference is either a notice or license text. Here we should dereference and get the license found in the LICENSE file as the license of the whole detection.
   The license in the referenced file becomes the new license of this match, overriding its license expression.
2. The "Licensed under the LGPL. See COPYING for details" style where the rule is a notice and the file reference points to a license text or a notice. Here we should merge the license in this rule and the license in the file reference in a smart way. For instance "LGPL" here is for LGPL-2.0 or later, but the COPYING may be for an LGPL-2.1 and the apparent contradiction should be resolved in the detection.
   The license in the referenced file only supports the license of this match and could either:
   - refine and make precise the license of the match (like in the case above).
   - merely support a notice.
For instance a notice may be: "Licensed under the GPLv2 or MIT. See GPL.txt and MIT.txt for details". Here the expression is a choice of GPL-2.0 OR MIT. If we combine the GPL-2.0 in GPL.txt and the MIT in MIT.txt we end up overriding this expression with a new detection and an expression of GPL-2.0 AND MIT, which is incorrect.
Another example is the case where we have an LGPL-3.0 notice and where there is an LGPL and a GPL text where the GPL is only supporting the LGPL.
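
The two reference styles above, as an added example in plain Python that is not part of the original issue and does not use the project's code or API. The names `OVERRIDE`, `SUPPORT`, `license_keys` and `resolve` are hypothetical, the file name COPYING.LESSER and the license keys in the sample inputs are constructed, and the policy for the second style (keep the notice's expression, flag differing keys for review) is an assumption rather than the smart merge the issue asks for.

```python
import re

# Hypothetical names for the two reference styles described in the issue.
OVERRIDE = "override"  # "See license in LICENSE file"
SUPPORT = "support"    # "Licensed under the LGPL. See COPYING for details"


def license_keys(expression):
    """Return the license keys of an expression, dropping operators and parens."""
    tokens = re.findall(r"[A-Za-z0-9.+-]+", expression)
    return [t for t in tokens if t.upper() not in {"AND", "OR", "WITH"}]


def resolve(style, match_expression, referenced):
    """Return (expression, review) for one match and the files it references.

    referenced maps a file name to the expression detected in that file.
    review lists (file name, key) pairs a person should look at.
    """
    if style == OVERRIDE:
        found = list(dict.fromkeys(referenced.values()))  # dedupe, keep order
        if not found:
            return match_expression, []
        # An expression holding operators is parenthesized before joining.
        parts = [f"({e})" if " " in e else e for e in found]
        return " AND ".join(parts), []

    # SUPPORT: the notice keeps its own expression, so "GPL-2.0 OR MIT" is not
    # turned into "GPL-2.0 AND MIT". Assumed policy: keys that differ from the
    # notice are flagged for review instead of being merged automatically.
    own = set(license_keys(match_expression))
    review = [
        (name, key)
        for name, expr in referenced.items()
        for key in license_keys(expr)
        if key not in own
    ]
    return match_expression, review


# Constructed sample inputs, built from the cases in the issue text.
CASES = [
    (OVERRIDE, "unknown-license-reference", {"license.txt": "MIT"}),
    (SUPPORT, "GPL-2.0 OR MIT", {"GPL.txt": "GPL-2.0", "MIT.txt": "MIT"}),
    (SUPPORT, "LGPL-2.0-or-later", {"COPYING": "LGPL-2.1"}),
    (SUPPORT, "LGPL-3.0", {"COPYING.LESSER": "LGPL-3.0", "COPYING": "GPL-3.0"}),
]

if __name__ == "__main__":
    for style, expression, referenced in CASES:
        print(style, expression, "->", resolve(style, expression, referenced))
```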