mirror of
https://github.com/spalencsar/bearhub.git
synced 2026-07-06 20:34:16 +02:00
Add project code of conduct and security policy
This commit is contained in:
42
CODE_OF_CONDUCT.md
Normal file
42
CODE_OF_CONDUCT.md
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
# Code of Conduct
|
||||||
|
|
||||||
|
## Our Commitment
|
||||||
|
|
||||||
|
The Bearhub project is committed to providing a respectful, harassment-free environment for everyone participating in issues, discussions, and pull requests.
|
||||||
|
|
||||||
|
## Expected Behavior
|
||||||
|
|
||||||
|
- Be respectful and constructive.
|
||||||
|
- Assume good intent and focus on technical content.
|
||||||
|
- Provide clear, reproducible reports for bugs and regressions.
|
||||||
|
- Accept feedback and collaborate on fixes.
|
||||||
|
|
||||||
|
## Unacceptable Behavior
|
||||||
|
|
||||||
|
- Harassment, hate speech, personal attacks, or discrimination.
|
||||||
|
- Trolling, intimidation, or repeated hostile communication.
|
||||||
|
- Publishing private information without consent.
|
||||||
|
- Any behavior that makes collaboration unsafe or unproductive.
|
||||||
|
|
||||||
|
## Scope
|
||||||
|
|
||||||
|
This Code of Conduct applies to all project spaces, including:
|
||||||
|
|
||||||
|
- GitHub issues and pull requests
|
||||||
|
- discussions and comments
|
||||||
|
- any public communication channels used for project collaboration
|
||||||
|
|
||||||
|
## Enforcement
|
||||||
|
|
||||||
|
Project maintainers may remove, edit, or reject comments, issues, or pull requests that violate this Code of Conduct.
|
||||||
|
|
||||||
|
Repeated or severe violations may lead to temporary or permanent bans from project participation.
|
||||||
|
|
||||||
|
## Reporting
|
||||||
|
|
||||||
|
If you experience or witness unacceptable behavior, report it privately to the maintainers through GitHub:
|
||||||
|
|
||||||
|
- Open a private security advisory for sensitive incidents when appropriate.
|
||||||
|
- Otherwise, contact maintainers directly via GitHub profile contact options.
|
||||||
|
|
||||||
|
All reports will be reviewed and handled as confidentially as possible.
|
||||||
@@ -81,8 +81,10 @@ Key features
|
|||||||
14. [Code structure](#code)
|
14. [Code structure](#code)
|
||||||
15. [Roadmap](#roadmap)
|
15. [Roadmap](#roadmap)
|
||||||
16. [Contributing](https://github.com/vinifmor/bauh/blob/master/CONTRIBUTING.md)
|
16. [Contributing](https://github.com/vinifmor/bauh/blob/master/CONTRIBUTING.md)
|
||||||
17. [Maintainer docs](#maintainer_docs)
|
17. [Code of Conduct](CODE_OF_CONDUCT.md)
|
||||||
18. [Donations](#donations)
|
18. [Security Policy](SECURITY.md)
|
||||||
|
19. [Maintainer docs](#maintainer_docs)
|
||||||
|
20. [Donations](#donations)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
48
SECURITY.md
Normal file
48
SECURITY.md
Normal file
@@ -0,0 +1,48 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Security fixes are provided on a best-effort basis for:
|
||||||
|
|
||||||
|
- the latest Bearhub release
|
||||||
|
- the current `main` branch
|
||||||
|
|
||||||
|
Older releases may not receive security updates.
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Please do not open public issues for undisclosed security vulnerabilities.
|
||||||
|
|
||||||
|
Use one of these channels:
|
||||||
|
|
||||||
|
1. GitHub Security Advisories (preferred):
|
||||||
|
- Go to the repository `Security` tab
|
||||||
|
- Create a private vulnerability report
|
||||||
|
2. If advisory reporting is unavailable, contact maintainers directly via GitHub.
|
||||||
|
|
||||||
|
Include as much detail as possible:
|
||||||
|
|
||||||
|
- affected Bearhub version
|
||||||
|
- platform details (Arch version, Python version, desktop session)
|
||||||
|
- reproduction steps
|
||||||
|
- expected vs. actual behavior
|
||||||
|
- logs, stack traces, and proof-of-concept (if available)
|
||||||
|
|
||||||
|
## Response Process
|
||||||
|
|
||||||
|
Maintainers will:
|
||||||
|
|
||||||
|
- acknowledge the report as soon as possible
|
||||||
|
- validate impact and scope
|
||||||
|
- prepare and publish a fix
|
||||||
|
- credit reporters where appropriate (if desired)
|
||||||
|
|
||||||
|
## Disclosure
|
||||||
|
|
||||||
|
Please allow reasonable time for validation and patching before public disclosure.
|
||||||
|
|
||||||
|
Once fixed, we will disclose:
|
||||||
|
|
||||||
|
- impacted versions
|
||||||
|
- mitigation/fix guidance
|
||||||
|
- release references containing the patch
|
||||||
Reference in New Issue
Block a user