diff --git a/.machine_readable/REGISTRY.a2ml b/.machine_readable/REGISTRY.a2ml index 68e3c9fa..b9f84045 100644 --- a/.machine_readable/REGISTRY.a2ml +++ b/.machine_readable/REGISTRY.a2ml @@ -216,7 +216,7 @@ name = "RSR — Rhodium Standard Repositories" stream = "governance" home = "rhodium-standard-repositories/" canonical_doc = "rhodium-standard-repositories/README.adoc" -source_hash = "sha256:830dca99ac78da5834a0f796da50bc4e3a1874782206347141530f6db49e3b97" +source_hash = "sha256:2d4e465bee215808306f28053a84d2f146a7fb7f6e6e3780e5d6f4c1d18c7404" route = "the repository-compliance standard every repo is graded against" [[spec]] diff --git a/rhodium-standard-repositories/rsr-audit.sh b/rhodium-standard-repositories/rsr-audit.sh index 91e124be..ac231041 100755 --- a/rhodium-standard-repositories/rsr-audit.sh +++ b/rhodium-standard-repositories/rsr-audit.sh @@ -226,11 +226,14 @@ audit_category_2_documentation() { check_file_exists "MAINTAINERS.md" "MAINTAINERS.md present" check_file_exists "CHANGELOG.md" "CHANGELOG.md present" - # LICENSE.txt validation - if [[ -f "$REPO_PATH/LICENSE.txt" ]]; then - check_file_contains "LICENSE.txt" "SPDX-License-Identifier" "LICENSE.txt has SPDX identifier" - check_file_contains "LICENSE.txt" "MIT" "LICENSE.txt includes MIT license" - check_file_contains "LICENSE.txt" "Palimpsest" "LICENSE.txt includes Palimpsest license" + # LICENSE validation — estate policy: sole-owner repos are MPL-2.0 + # (accept `LICENSE` or `LICENSE.txt`). + local _license="" + [[ -f "$REPO_PATH/LICENSE.txt" ]] && _license="LICENSE.txt" + [[ -z "$_license" && -f "$REPO_PATH/LICENSE" ]] && _license="LICENSE" + if [[ -n "$_license" ]]; then + check_file_contains "$_license" "SPDX-License-Identifier" "LICENSE has SPDX identifier" + check_file_contains "$_license" "Mozilla Public License" "LICENSE is MPL-2.0 (estate sole-owner policy)" fi # README validation @@ -458,14 +461,13 @@ audit_category_7_licensing() { # License clarity check_file_exists "LICENSE.txt" "LICENSE.txt present (plain text, not LICENSE.md)" - if [[ -f "$REPO_PATH/LICENSE.txt" ]]; then - check_file_contains "LICENSE.txt" "MIT" "MIT license included" - check_file_contains "LICENSE.txt" "Palimpsest" "Palimpsest license included (ethical AI)" - fi - - # SPDX identifier in LICENSE.txt - if [[ -f "$REPO_PATH/LICENSE.txt" ]]; then - check_file_contains "LICENSE.txt" "SPDX-License-Identifier: MIT AND Palimpsest" "Correct SPDX identifier in LICENSE.txt" + # estate policy: sole-owner repos are MPL-2.0 (accept LICENSE or LICENSE.txt) + local _license="" + [[ -f "$REPO_PATH/LICENSE.txt" ]] && _license="LICENSE.txt" + [[ -z "$_license" && -f "$REPO_PATH/LICENSE" ]] && _license="LICENSE" + if [[ -n "$_license" ]]; then + check_file_contains "$_license" "Mozilla Public License" "LICENSE is MPL-2.0" + check_file_contains "$_license" "SPDX-License-Identifier: MPL-2.0" "Correct SPDX identifier in LICENSE (MPL-2.0)" fi # FUNDING.yml for funding transparency