I have no opinion regarding whether or not Orbit information tracks the source of approval.
From an IP due diligence point of view, what I need from Orbit is the mapping from the bundle to the source content.
That is, what I actually need is knowledge that org.junit.platform.suite.api_1.8.1.v20211018-1956.jar comes from maven/mavencentral/org.junit.platform/junit-platform-suite-api/1.8.1 (that is, org.junit.platform:junit-platform-suite-api:1.8.1 on Maven Central). Right now, I'm tapping the Orbit metadata to try and get a mapping back to a CQ, and from the CQ to the GAV and from the GAV to the ClearlyDefined Id and from the ClearlyDefined Id to license information. I've written a pretty insane heuristic that with minimal hinting actually sorts out a lot of these mappings, but many of them end up just being really good guesses. Having a well-defined mapping would be handy.
My strong preference is that we not duplicate information. There is probably some value in having the historical perspective preserved as there is some tendency for the license information to evolve as we get better information. But... we can capture that historical perspective in IPLab.
Wayne