[REUSE] REUSE badge for non-default branch of a git repository
Max Mehl
max.mehl at fsfe.org
Tue Apr 27 14:03:26 UTC 2021
Hi Peter,
~ Peter Moser [2021-04-15 16:07 +0200]:
> The problem now is, that currently I have the .reuse and LICENSES folder
> only on our "development" branch.
>
> https://github.com/noi-techpark/webcomp-mountain-area/tree/development
>
> On my local machine "reuse lint" gives green light for REUSE compliance,
> but the badge shows non-compliant, because it seems to always check the
> main branch of each registered repository.
>
> Is there a possibility to automatically check the current branch?
I gave this a longer thought but am not able to find a good solution for
this with our current API setup, both technically and strategically.
These are the reasons:
Aside from the one-time registration that only checks for validity of
the email address, the API holds no account data. So you would not be
able to change preferred branch once you've set it, e.g. during
registration.
Moreover, I would consider that such a branch-picking would break the
expectation of consumers of your REUSE compliant repository. If there is
a "REUSE compliant" badge, I would expect that I can clone your repo and
reuse parts of it easily because you provided all information about
copyright and licensing. However, in this scenario, this would perhaps
only apply to a development branch.
An evil mind could even set up a separate branch containing only one
REUSE compliant test file and register this with our API while having
the actual main branch being completely REUSE-ignorant. Of course there
would be other methods to fake a repo's REUSE compliance, but this would
make the official API providing a false-positive certification.
So as I said, I am afraid we cannot and don't want to enable a custom
branch. However, the API is not bound to the branch names "main" or
"master" – whatever you define as you default branch is being checked
by the API, so you could make you "development" branch the default
branch. But of course, this would also alter the branch that people see
when they visit your Git repository.
Best,
Max
--
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom: https://fsfe.org/join
More information about the REUSE
mailing list