spdx / spdx-online-tools

Source for the website providing online SPDX tools
https://tools.spdx.org
Apache License 2.0
60 stars 57 forks source link

Donate the SPDX header checker to this org? #327

Open npmccallum opened 3 years ago

npmccallum commented 3 years ago

I know that this issue doesn't really belong to this repo. But it seemed the best fit for my proposal.

Enarx is a Linux Foundation project under the auspices of the Confidential Computing Consortium. We have developed a GitHub Action which scans source code files in a software repo and highlights any which have missing SPDX license headers or use unapproved licenses.

Would this organization be interested in taking ownership of this tool? We would continue to develop it. But it may make more sense in your organization.

goneall commented 3 years ago

@npmccallum thanks for developing this tool. It does seem to fit the mission for SPDX and this repo. I'll take a look and bring this up to the SPDX tech tools group which part of part Automated Compliance Tooling (ACT) project. There is also an Free Software Foundation Europe project which has a similar mission is REUSE.

@kestewart @zvr - any thoughts?

npmccallum commented 2 years ago

@goneall @kestewart @zvr Do you have interest in this?

zvr commented 2 years ago

Ooops, sorry -- I missed this when it first appeared. It's definitely interesting and I am +1 for taking the repo under the SPDX umbrella/organization. Something like https://github.com/spdx/check-headers-action or similar.

goneall commented 2 years ago

I'll send an update to SPDX tech list and if there are no general objections by next week, we can go ahead and move it to SPDX.

swinslow commented 2 years ago

+1 from me to moving this over, this looks very useful!

I agree with @zvr, I think it'd be appropriate for the destination repo to have a name which clarifies it's checking headers and/or licenses. check-headers-action seems fine to me.

@npmccallum thank you and the Enarx team for developing and contributing this!