Hi
I don't think the end-users are (legally) concerned with free software licenses, so I've been associating the package-license field with redistributors (e.g. cache servers, developers running guix pack). For them/me/us, something like an SBOM (REUSE.toml-like) declaration would be more useful.
I have same the doubt. In guix the license is attached to the package not the origin. In packages that mix multiple sources we usually only assign the licenses from the pkg source origin but not from other origins (e.g via inputs). Which makes sense if inputs are packages with their own licenses. However, I think with rust packages the source dependencies definitions does not include a license (just the origin). I'm sure there are other packages where an origin is used as input too.
