For ROS recipes, recipes contain a license extracted from an XML and line is indicated in the recipe: For example, for XMLRCPP:
LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://package.xml;beginline=11;endline=11;md5=184dd1523b9a109aead3fbbe0b4262e0"
But Ar-track-alvar has the same license name but a different MD5:
LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://package.xml;beginline=10;endline=10;md5=061abe8dc89f326789675967c8760541"
Hence, how is this MD5 calculated if the strings are the same?
EDIT: @jku explained the reason and how it works. The simple explanation is that the second package.xml has 2 whitespaces at start
If the checksums are different, then the strings are not the same. The difference could be just whitespace or different copyright years.
The purpose of LIC_FILES_CHECKSUM isn't to ensure that the license really is what it claims to be (because that's not practically possible). Instead it's used to make sure the license does not change without the recipe maintainer noticing when the recipe version is updated.