Every action on the whitelist is tracked in the Auditlogs. Every time somebody adds or removes a license it creates an Entry in the Auditlogs. Until now the entry on the Auditlog displayed the full license name and the license list itself displayed the SPDX identifier. That was a little bit confusing because it was not a 100% match and difficult to manually reproduce the whitelist.
Now this is fixed in the current version. VersionEye is using the SPDX identifier in the Auditlogs as well. Now it looks like this.
Now the Auditlogs for the whitelist is much easier to understand.