do you have any recommendations on how to check which license a package uses?
Is it enough to look at the upstream homepage or README which license it uses
or need a reviewer perform a code inspection? In the latter case is it enough
to check the headers of each file for licensing? And has each file have a
header with an allowed license? And after review, has the maintainer to check
on each new file on each release whether or not the file has an allowed