Looking at the delta view, the most material change is a comment stating "Updated LICENSE to say files in the contrib directory are not necessarily under the libpng license, and that some makefiles have other copyright owners." But that is always true ... one can never assume that a top level license applies to other files in the tree. So, I'm inclined to say there aren't substantive differences in this latest version and it could be handled with markup.

tried to discuss on 12/12 legal call, but my notes above were not sufficient, so will review again and revise

@jlovejoy Unless there are particular edits you've got ready now, I'll move this to 3.27.0 and we can aim to tackle it quickly after the 3.26.0 release is out.

adding more thorough time line, starting with:

1. Dec 2010 - SPDX added https://spdx.org/licenses/Libpng.html for version 1.4 of the SPDX License List (see https://lists.spdx.org/g/spdx/message/236 and discussion prior at https://lists.spdx.org/g/spdx/topic/22079227#msg235 - SPDX added what existed on the URL: http://www.libpng.org/pub/png/src/libpng-LICENSE.txt at that point in time.
2. Jan 2011 - PNG already had made updates to data and version number, see commit -
3. July 2015 - consolidated one of the notices and added some names (not substantive)
4. Feb 2016 - added 2 paragraphs re: "some files have other copyright owners" after list of names. Also removed some text at end re: png logo and added Trademark paragraph. Added Export Control paragraph
5. July 2018 - updates to export control paragraph.
6. Nov 2018 - libpng-2.0 added at top, trademark, OSI, and export parts removed

It was too hard to try to explain in text, so I've made a PR, which is failing and I can't figure out why. I also have a Google doc with comments and color-coding of the various changes over the years.

Overall, there isn't much that has changed substantively, but... mixing acknowledgments in between license text is not optimal for trying to match (and find) the actual license text!

oh, and there is probably more markup needed, but until I can figure out why it's failing, not worth adding more

Moving to 3.27.0 so we can discuss what changes are needed / desired here.

Not sure if there are any further actions required on this one but it sounds like @swinslow has it under control?

after various more discussing and research, adding this as new version/license as there are enough differences that it is not able to be accommodated via markup and there is some different lead-in language

This new license/exception request has been accepted and the information for the license/exception has been merged to the repository. Thank you to everyone who has participated!
The license/exception will be published at https://spdx.org/licenses/ as part of the next SPDX License List release, which is expected to be in three months' time or sooner. In the interim, the new license will appear on the license list preview site at https://spdx.github.io/license-list-data/.
This is an automated message.