+++ This bug was initially created as a clone of Bug #1724169 +++
I noticed IO-Socket-SSL-2.066 sources distribute Public Suffix list from <https://publicsuffix.org/list/> in lib/IO/Socket/SSL/PublicSuffix.pm file. The data carry it's own license declaration:
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at https://mozilla.org/MPL/2.0/.
I believe perl-IO-Socket-SSL should add MPLv2.0 to the License tag.
--- Additional comment from Paul Howarth on 2019-06-26 15:16:44 GMT ---
Fixed in perl-IO-Socket-SSL-2.066-4.fc31
RHEL-8.1.0 (perl-IO-Socket-SSL-2.066-2.el8) is affected. Since a bad license tag is a regression introduced in bug #1632600, I request fixing it in RHEL-8.1.0.
I digged a history and the MPLv2-licensed code exists since upstream's IO-Socket-SSL-1.976. That means since RHEL ≥ 8.0.0. Nevertheless, it's fixed now.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.