diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..bafc68a1 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,42 @@ +# Code of Conduct + +## Our Commitment + +The Bearhub project is committed to providing a respectful, harassment-free environment for everyone participating in issues, discussions, and pull requests. + +## Expected Behavior + +- Be respectful and constructive. +- Assume good intent and focus on technical content. +- Provide clear, reproducible reports for bugs and regressions. +- Accept feedback and collaborate on fixes. + +## Unacceptable Behavior + +- Harassment, hate speech, personal attacks, or discrimination. +- Trolling, intimidation, or repeated hostile communication. +- Publishing private information without consent. +- Any behavior that makes collaboration unsafe or unproductive. + +## Scope + +This Code of Conduct applies to all project spaces, including: + +- GitHub issues and pull requests +- discussions and comments +- any public communication channels used for project collaboration + +## Enforcement + +Project maintainers may remove, edit, or reject comments, issues, or pull requests that violate this Code of Conduct. + +Repeated or severe violations may lead to temporary or permanent bans from project participation. + +## Reporting + +If you experience or witness unacceptable behavior, report it privately to the maintainers through GitHub: + +- Open a private security advisory for sensitive incidents when appropriate. +- Otherwise, contact maintainers directly via GitHub profile contact options. + +All reports will be reviewed and handled as confidentially as possible. diff --git a/README.md b/README.md index b57614e0..a350f7ec 100644 --- a/README.md +++ b/README.md @@ -81,8 +81,10 @@ Key features 14. [Code structure](#code) 15. [Roadmap](#roadmap) 16. [Contributing](https://github.com/vinifmor/bauh/blob/master/CONTRIBUTING.md) -17. [Maintainer docs](#maintainer_docs) -18. [Donations](#donations) +17. [Code of Conduct](CODE_OF_CONDUCT.md) +18. [Security Policy](SECURITY.md) +19. [Maintainer docs](#maintainer_docs) +20. [Donations](#donations) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..e9726ea8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,48 @@ +# Security Policy + +## Supported Versions + +Security fixes are provided on a best-effort basis for: + +- the latest Bearhub release +- the current `main` branch + +Older releases may not receive security updates. + +## Reporting a Vulnerability + +Please do not open public issues for undisclosed security vulnerabilities. + +Use one of these channels: + +1. GitHub Security Advisories (preferred): + - Go to the repository `Security` tab + - Create a private vulnerability report +2. If advisory reporting is unavailable, contact maintainers directly via GitHub. + +Include as much detail as possible: + +- affected Bearhub version +- platform details (Arch version, Python version, desktop session) +- reproduction steps +- expected vs. actual behavior +- logs, stack traces, and proof-of-concept (if available) + +## Response Process + +Maintainers will: + +- acknowledge the report as soon as possible +- validate impact and scope +- prepare and publish a fix +- credit reporters where appropriate (if desired) + +## Disclosure + +Please allow reasonable time for validation and patching before public disclosure. + +Once fixed, we will disclose: + +- impacted versions +- mitigation/fix guidance +- release references containing the patch