IBM seek repeated permission like this for lots of reasons, but mainly to avoid possible problems in the future. I've been through this process a few times getting permission to include 3rd party packages in our products. It's long and drawn out but I can see why they do it.
It all boils down to the fact that it's not just as simple as IBM trusting the license terms as shown.
For example, someone can take some code protected by GPLv2, naughtily strip off that license and apply a completely different (friendlier) license such as MIT or Eclipse. If IBM trusted this code (and license) as supplied then it (IBM) could get sued because it is (unknowingly) using GPLv2 licensed code and not honoring the conditions. It matters not one bit that they thought it was MIT or Eclipse licensed. It matters not one bit that someone else did the naughty thing of changing the license. IBM can still get sued, and theoretically be forced to publish source code that they may not want to, and people love suing IBM.
Another example question is: Did all contributors to the code have permission from their employers (if appropriate) to participate in the development of the package and relinquish their (the employer's) rights to any claim for the code?
The license is only as strong as its weakest link.
I know I've had a package turned down because we weren't able to get in contact with every contributer in order to convince the legal team that this wasn't a risk.
In other words, IBM want to be absolutely sure that including this code isn't ever going to come back and bite them in the ass if they do use this package.
It all boils down to the fact that it's not just as simple as IBM trusting the license terms as shown.
For example, someone can take some code protected by GPLv2, naughtily strip off that license and apply a completely different (friendlier) license such as MIT or Eclipse. If IBM trusted this code (and license) as supplied then it (IBM) could get sued because it is (unknowingly) using GPLv2 licensed code and not honoring the conditions. It matters not one bit that they thought it was MIT or Eclipse licensed. It matters not one bit that someone else did the naughty thing of changing the license. IBM can still get sued, and theoretically be forced to publish source code that they may not want to, and people love suing IBM.
Another example question is: Did all contributors to the code have permission from their employers (if appropriate) to participate in the development of the package and relinquish their (the employer's) rights to any claim for the code?
The license is only as strong as its weakest link.
I know I've had a package turned down because we weren't able to get in contact with every contributer in order to convince the legal team that this wasn't a risk.
In other words, IBM want to be absolutely sure that including this code isn't ever going to come back and bite them in the ass if they do use this package.