Donate the SPDX header checker to this org?

[npmccallum]

I know that this issue doesn't really belong to this repo. But it seemed the best fit for my proposal.

Enarx is a Linux Foundation project under the auspices of the Confidential Computing Consortium. We have developed a GitHub Action which scans source code files in a software repo and highlights any which have missing SPDX license headers or use unapproved licenses.

Would this organization be interested in taking ownership of this tool? We would continue to develop it. But it may make more sense in your organization.

[goneall]

@npmccallum thanks for developing this tool. It does seem to fit the mission for SPDX and this repo. I'll take a look and bring this up to the SPDX tech tools group which part of part Automated Compliance Tooling (ACT) project. There is also an Free Software Foundation Europe project which has a similar mission is REUSE.

@kestewart @zvr - any thoughts?

[npmccallum]

@goneall @kestewart @zvr Do you have interest in this?

[zvr]

Ooops, sorry -- I missed this when it first appeared.
It's definitely interesting and I am +1 for taking the repo under the SPDX umbrella/organization. Something like https://github.com/spdx/check-headers-action or similar.

[goneall]

I'll send an update to SPDX tech list and if there are no general objections by next week, we can go ahead and move it to SPDX.

[swinslow]

+1 from me to moving this over, this looks very useful!

I agree with @zvr, I think it'd be appropriate for the destination repo to have a name which clarifies it's checking headers and/or licenses. check-headers-action seems fine to me.

@npmccallum thank you and the Enarx team for developing and contributing this!