@ky0ko > i want the build system and package manager to have their own license auditing framework

This is never going to work. So many projects include dependencies and code snippets from other projects and the licenses are impossible to track down. If everyone put a license header at the top of every source file it would be easier to figure out, but there are no standards here.... every project dumps all of their licenses and attributions for these externally sourced parts into random files, in docs, etc. Such a mess.

Trying to understand licensing of a package is a nightmare.