What
Two workflow files declare a non-standard licence:
.github/workflows/scorecard.yml — SPDX-License-Identifier: PMPL-1.0.github/workflows/secret-scanner.yml — SPDX-License-Identifier: PMPL-1.0
The repo's canonical licence is MPL-2.0. However, rhodibot.yml carries comments hinting that PMPL in dotfiles/workflows may be deliberate policy — so this is a maintainer decision, not an obvious typo.
Decision needed
Either:
- MPL-2.0 everywhere — correct these two headers (and audit for other stray PMPL); or
- PMPL-1.0 is intentional for select infra/dotfiles — document the policy explicitly (e.g. in the licence/governance docs) so it stops reading as an inconsistency, and add a licence-consistency-check exemption.
Left untouched in PR #50 per the "no workflow YAML" guardrail and because it's a policy call.
Found during the 2026-06-14 deep-checkpoint. Not covered by existing issues.
What
Two workflow files declare a non-standard licence:
.github/workflows/scorecard.yml—SPDX-License-Identifier: PMPL-1.0.github/workflows/secret-scanner.yml—SPDX-License-Identifier: PMPL-1.0The repo's canonical licence is MPL-2.0. However,
rhodibot.ymlcarries comments hinting that PMPL in dotfiles/workflows may be deliberate policy — so this is a maintainer decision, not an obvious typo.Decision needed
Either:
Left untouched in PR #50 per the "no workflow YAML" guardrail and because it's a policy call.
Found during the 2026-06-14 deep-checkpoint. Not covered by existing issues.