incorrect license should be caught

[h1alexbel]

In XMIR, we have <license/> node with a program's license. We should compare this license with one supplied in LICENSE.txt in the root of the repo. If it does not match, we should report it with WARNING severity.

[h1alexbel]

@yegor256 @maxonfjvipon WDYT?

[yegor256]

@h1alexbel maybe it's better to make our XMIR more compliant with SPDX, and instead of license have this:

<program>
  <license name="MIT">2023-2025 Yegor Bugayenko</license>
</program>

[h1alexbel]

@yegor256 good point, we need to implement this on both layers: EO and lints. @maxonfjvipon FYI I've created objectionary/eo#3934

[h1alexbel]

@maxonfjvipon To lint +spdx meta, first we should do these:

• add missing-spdx lint with WARNING severity
• add spdx-is-not-top-meta lint with WARNING severity
• remove +spdx meta from unsorted-metas lint

I suggest to implement these steps in separate PRs

[h1alexbel]

@yegor256 I'm in

[yegor256]

@h1alexbel what spdx-is-not-top-meta is about?

[h1alexbel]

@yegor256 its about position of +spdx meta among other metas. It should be at the highest level (1-2 line numbers).

This is incorrect:

+architect jeff@google.com
+spdx SPDX-License-Identifier MIT

# F.
[] > f

While this is a correct one:

+spdx SPDX-License-Identifier MIT
+architect jeff@google.com

# F.
[] > f

In other words, +spdx meta should be out of default meta sort order.

[yegor256]

@h1alexbel what's the point? why can't it be among other metas? we need metas to be sorted.

[h1alexbel]

@yegor256 I feel like +spdx meta should be at the top of the file (like license header that it substitutes), or its redundant and should be placed among others?