The osbuild-depsolve-dnf currently produces SBOMs that use license strings from the RPM header as is. If the license string is not a valid SPDX license expression, the validation and parsing of the SBOM may fail.

The goal is to fix the implementation to always use valid license strings according to the SPDX specification.