BUG: "Scan all Packages" Action does not update Product-Package assignments #388

@DennisClark

Describe the bug
"Scan all Packages" Action does not update Product-Package assignments, unlike "Improve Packages from PurlDB"

To Reproduce
Steps to reproduce the behavior:

  1. Get the test SBOM: `curl --remote-name https://www.python.org/ftp/python/3.12.2/Python-3.12.2.tgz.spdx.json`
  2. Create a Product in DejaCode v5.4.0. Execute import SBOM on the downloaded SBOM.
  3. Review results. My test imported 31 Packages to the Product Inventory, all with concluded license of unknown.
  4. Run "Scan all Packages". My test found and updated the license assignments for most of the Packages. None of the Product-Package license assignments were updated.
  5. Run "Improve Packages from PurlDB". My test resulted in some updates to Product-Package license assignments.
  6. If you Edit Product-Packages with the unknown license assignment you can update it with the scanned license key which is shown in the edit form, but that is a laborious, error-prone, and time-consuming manual process.

Expected behavior
The "Scan all Packages" Action should treat all Product-Package license assignments set to unknown as if the license assignment is null and update the Product-Package license assignment from the scan results.

Labels

bug (Something isn't working), design needed (Design details needed to complete the issue), enhancement (New feature or request)
