Open npmccallum opened 3 years ago
goneall
commented
3 years ago @npmccallum thanks for developing this tool. It does seem to fit the mission for SPDX and this repo. I'll take a look and bring this up to the SPDX tech tools group which part of part Automated Compliance Tooling (ACT) project. There is also an Free Software Foundation Europe project which has a similar mission is REUSE.
@kestewart @zvr - any thoughts?
npmccallum
commented
2 years ago @goneall @kestewart @zvr Do you have interest in this?
zvr
commented
2 years ago Ooops, sorry -- I missed this when it first appeared. It's definitely interesting and I am +1 for taking the repo under the SPDX umbrella/organization. Something like https://github.com/spdx/check-headers-action or similar.
goneall
commented
2 years ago I'll send an update to SPDX tech list and if there are no general objections by next week, we can go ahead and move it to SPDX.
swinslow
commented
2 years ago +1 from me to moving this over, this looks very useful!
I agree with @zvr, I think it'd be appropriate for the destination repo to have a name which clarifies it's checking headers and/or licenses. check-headers-action seems fine to me.
@npmccallum thank you and the Enarx team for developing and contributing this!
I know that this issue doesn't really belong to this repo. But it seemed the best fit for my proposal.
Enarx is a Linux Foundation project under the auspices of the Confidential Computing Consortium. We have developed a GitHub Action which scans source code files in a software repo and highlights any which have missing SPDX license headers or use unapproved licenses.
Would this organization be interested in taking ownership of this tool? We would continue to develop it. But it may make more sense in your organization.