SCTK detects gpl-1.0-plus with insufficient evidence

[DennisClark]

In a recent scan of the Package available at https://github.com/facebook/sapling/archive/refs/tags/0.2.20240718-145624+f4e9df48.tar.gz multiple detections of gpl-1.0-plus were reported with insufficient evidence for that. Here is an example as presented in DejaCode:

sapling-0.2.20240718-145624-f4e9df48/eden/scm/contrib/chg/chg.c
Detected: gpl-1.0-plus

 * This software may be used and distributed according to the terms of the
 * GNU General Public License version 2 or any later version.

Detected: gpl-2.0-plus

 * GNU General Public License version 2 or any later version.

The scan results also report a Declared license of gpl-1.0-plus AND gpl-2.0-plus AND mit for which I am unable to find any supporting evidence of anything other than gpl-2.0-plus.

I continue to be of the opinion, btw, that SCTK over-reports gpl-1.0-plus whenever the version of a reference to the GPL license is not entirely clear, and that gpl-1.0-plus only contributes distracting noise. The default should be gpl-2.0-plus. But that is not the main issue here, which is that the text clearly indicates version 2 or any later version.

sapling-0.2.20240718-145624-f4e9df48.tar.gz_scan.zip

[AyanSinhaMahapatra]

Thanks for the report @DennisClark , I will verify that this (and all other open issues like this) are automatically resolved by #3254