mirror of
https://github.com/spalencsar/bearhub.git
synced 2026-07-06 19:24:16 +02:00
Add project code of conduct and security policy
This commit is contained in:
42
CODE_OF_CONDUCT.md
Normal file
42
CODE_OF_CONDUCT.md
Normal file
@@ -0,0 +1,42 @@
|
||||
# Code of Conduct
|
||||
|
||||
## Our Commitment
|
||||
|
||||
The Bearhub project is committed to providing a respectful, harassment-free environment for everyone participating in issues, discussions, and pull requests.
|
||||
|
||||
## Expected Behavior
|
||||
|
||||
- Be respectful and constructive.
|
||||
- Assume good intent and focus on technical content.
|
||||
- Provide clear, reproducible reports for bugs and regressions.
|
||||
- Accept feedback and collaborate on fixes.
|
||||
|
||||
## Unacceptable Behavior
|
||||
|
||||
- Harassment, hate speech, personal attacks, or discrimination.
|
||||
- Trolling, intimidation, or repeated hostile communication.
|
||||
- Publishing private information without consent.
|
||||
- Any behavior that makes collaboration unsafe or unproductive.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies to all project spaces, including:
|
||||
|
||||
- GitHub issues and pull requests
|
||||
- discussions and comments
|
||||
- any public communication channels used for project collaboration
|
||||
|
||||
## Enforcement
|
||||
|
||||
Project maintainers may remove, edit, or reject comments, issues, or pull requests that violate this Code of Conduct.
|
||||
|
||||
Repeated or severe violations may lead to temporary or permanent bans from project participation.
|
||||
|
||||
## Reporting
|
||||
|
||||
If you experience or witness unacceptable behavior, report it privately to the maintainers through GitHub:
|
||||
|
||||
- Open a private security advisory for sensitive incidents when appropriate.
|
||||
- Otherwise, contact maintainers directly via GitHub profile contact options.
|
||||
|
||||
All reports will be reviewed and handled as confidentially as possible.
|
||||
@@ -81,8 +81,10 @@ Key features
|
||||
14. [Code structure](#code)
|
||||
15. [Roadmap](#roadmap)
|
||||
16. [Contributing](https://github.com/vinifmor/bauh/blob/master/CONTRIBUTING.md)
|
||||
17. [Maintainer docs](#maintainer_docs)
|
||||
18. [Donations](#donations)
|
||||
17. [Code of Conduct](CODE_OF_CONDUCT.md)
|
||||
18. [Security Policy](SECURITY.md)
|
||||
19. [Maintainer docs](#maintainer_docs)
|
||||
20. [Donations](#donations)
|
||||
|
||||
|
||||
|
||||
|
||||
48
SECURITY.md
Normal file
48
SECURITY.md
Normal file
@@ -0,0 +1,48 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Security fixes are provided on a best-effort basis for:
|
||||
|
||||
- the latest Bearhub release
|
||||
- the current `main` branch
|
||||
|
||||
Older releases may not receive security updates.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Please do not open public issues for undisclosed security vulnerabilities.
|
||||
|
||||
Use one of these channels:
|
||||
|
||||
1. GitHub Security Advisories (preferred):
|
||||
- Go to the repository `Security` tab
|
||||
- Create a private vulnerability report
|
||||
2. If advisory reporting is unavailable, contact maintainers directly via GitHub.
|
||||
|
||||
Include as much detail as possible:
|
||||
|
||||
- affected Bearhub version
|
||||
- platform details (Arch version, Python version, desktop session)
|
||||
- reproduction steps
|
||||
- expected vs. actual behavior
|
||||
- logs, stack traces, and proof-of-concept (if available)
|
||||
|
||||
## Response Process
|
||||
|
||||
Maintainers will:
|
||||
|
||||
- acknowledge the report as soon as possible
|
||||
- validate impact and scope
|
||||
- prepare and publish a fix
|
||||
- credit reporters where appropriate (if desired)
|
||||
|
||||
## Disclosure
|
||||
|
||||
Please allow reasonable time for validation and patching before public disclosure.
|
||||
|
||||
Once fixed, we will disclose:
|
||||
|
||||
- impacted versions
|
||||
- mitigation/fix guidance
|
||||
- release references containing the patch
|
||||
Reference in New Issue
Block a user