Context
Registry Stack has a repository-level Apache-2.0 license. OpenSSF Best Practices also rewards clear license and copyright metadata, especially for files where provenance is not obvious.
This issue tracks choosing and documenting a sustainable policy without doing broad mechanical churn before the policy is clear.
Scope
- Decide whether to use SPDX headers, REUSE conventions, a repository-level policy with exceptions, or another lightweight approach.
- Define which file types need explicit per-file metadata and which can inherit repository-level metadata.
- Document the policy in
CONTRIBUTING.md, README.md, or a dedicated licensing doc.
- Add a check only if it is low-noise enough for normal contributors.
- Update new-file guidance so future contributions follow the policy.
Done when
- The repository has a public, contributor-facing license metadata policy.
- New files have clear guidance for copyright/license metadata.
- Any automated check is documented and does not require private context.
Non-goals
- Do not mass-edit every file just to add headers until the policy and exceptions are agreed.
- Do not change the repository license as part of this issue.
Context
Registry Stack has a repository-level Apache-2.0 license. OpenSSF Best Practices also rewards clear license and copyright metadata, especially for files where provenance is not obvious.
This issue tracks choosing and documenting a sustainable policy without doing broad mechanical churn before the policy is clear.
Scope
CONTRIBUTING.md,README.md, or a dedicated licensing doc.Done when
Non-goals