Keeping the pointer creates use-after-free opportunities, and we don't have much reason to keep it around anyway.
SPDX standardizes how source code conveys its copyright and licensing information. See https://spdx.github.io/spdx-spec/1-rationale/ . SPDX tags are adopted in many large projects, including things like the Linux kernel.
This way, scrubbing can also be performed when converting to other formats.