~ Sebastian Crane [2022-02-21 23:00 +0100]: >> It looks like this is a good fit for SPDX. If no one objects by next >> Tuesday March 1st, we'll go ahead and move it over. > > Certainly no objections from me! There are plenty of projects using > various custom scripts in GitHub Actions to check for SPDX license > headers, so it would be good to focus this effort.
Just a side note: actually they could make things so much easier. Let the REUSE tool run over the project, either in lint mode (and ignore the error) or generating the SBOM with the 'spdx' subcommand, and then grepping for the flagged licenses. There even is a Github action for it [^1]. Surely, the same would also be possible by using Scancode etc. Of course it's up to organisations to develop their own tools, however I am not sure whether they should be recommended and highlighted by SPDX or another large compliance group. IMHO it would make more sense to focus on the tools we already have and not reinvent the wheel unless a new tool really fills a gap. Just my 2 cents. Best, Max [^1]: https://github.com/marketplace/actions/reuse-compliance-check -- Max Mehl - Programme Manager -- Free Software Foundation Europe Contact and information: https://fsfe.org/about/mehl -- @mxmehl The FSFE is a charity that empowers users to control technology -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4385): https://lists.spdx.org/g/Spdx-tech/message/4385 Mute This Topic: https://lists.spdx.org/mt/89300462/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
