From 1895f8b2b00c14b71e00109de12975a5a3d20b57 Mon Sep 17 00:00:00 2001 From: Juan Bustamante Date: Tue, 14 Feb 2023 12:13:39 -0500 Subject: [PATCH 1/2] WIP - adding require files Signed-off-by: Juan Bustamante --- CONTRIBUTING.md | 2 +- CONTRIBUTORS.md | 9 +++++++++ SECURITY.md | 13 +++++++++++++ SUPPORT.md | 12 ++++++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 CONTRIBUTORS.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3547ae84..7f56e628 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1 +1 @@ -If you have not previously done so, please fill out and submit the [Contributor License Agreement](https://cla.pivotal.io/sign/pivotal). \ No newline at end of file +If you have not previously done so, please fill out and submit the [Contributor License Agreement](https://cla.pivotal.io/sign/pivotal). diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md new file mode 100644 index 00000000..00675c14 --- /dev/null +++ b/CONTRIBUTORS.md @@ -0,0 +1,9 @@ +## Policies + +This repository adheres to the following project policies: + +- [Code of Conduct](CODE_OF_CONDUCT.md) - How we should act with each other. +- [Contributing](CONTRIBUTING.md) - General contributing standards. +- [Security](SECURITY.md) - Reporting security concerns. +- [Support](SUPPORT.md) - Getting support. + diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..f6cf9b77 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,13 @@ +# Security Policy + +## Reporting a Vulnerability + +We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum. + +Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Cloud Native Buildpacks products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address. + +The e-mail address to use to contact the Cloud Native Buildpacks Security Team is security@buildpacks.io. + +The fingerprint is: `7AA4 452E A0C3 56F8 894D C869 4E56 F857 5412 6F64` + +It can be obtained from a public key server such as pgp.mit.edu. diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 00000000..0de8d9cd --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,12 @@ +# Support Policy + +## Security Vulnerabilities +If you believe that you've found a security vulnerability, please check [SECURITY.md](SECURITY.md) to learn how to disclose responsibly. + +## GitHub Issues +We choose not to use GitHub issues for general usage questions and support, preferring to use issues solely for the tracking of bugs and enhancements. If you have a general usage question please do not open a GitHub issue, but use one of the other channels described below. + +If you are reporting a bug, please help to speed up problem diagnosis by providing as much information as possible. Ideally, that would include a small sample project that reproduces the problem.. + +## Slack +The kpack community monitors [Kubernetes slack](https://kubernetes.slack.com/channels/kpack). Before asking a question please search the history to see if the question has already been asked and answered. From 983b63bdc2fe3135046013ff8601c3fac664ce50 Mon Sep 17 00:00:00 2001 From: Juan Bustamante Date: Mon, 20 Feb 2023 16:00:00 -0500 Subject: [PATCH 2/2] updating contributing.md file 
Signed-off-by: Juan Bustamante --- CONTRIBUTING.md | 72 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 71 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7f56e628..2023bfab 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1 +1,71 @@ -If you have not previously done so, please fill out and submit the [Contributor License Agreement](https://cla.pivotal.io/sign/pivotal). +# Contributing + +## Pull Request Process + +1. [Fork][fork] the repository. +2. [Clone][clone] your fork repository. +3. Create a branch for the issue: `git checkout -b {{BRANCH_NAME}}` +4. Make any changes deemed necessary. +5. Commit your changes: `git commit -s`\ + _Learn more about the [sign-off](#sign-off-process) process below._ +6. Push to GitHub: `git push origin {{BRANCH_NAME}}` +7. [Create the pull request][create-pr]. + + +## Sign-off Process + +Every commit contributed to this project must be signed-off. + +A sign-off is a single line added to your commit messages that certifies that you wrote and/or have the right to the +contributed changes. + +The full text of the certification from [developercertificate.org](http://developercertificate.org/) is a follows: +``` +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +1 Letterman Drive +Suite D4700 +San Francisco, CA, 94129 + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. 
+ +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` + +The signature should look as such: + + Signed-off-by: John Doe + +> Pro-tip: `git` can automatically add the signature by adding the `-s` flag to the commit command:\ +> `git commit -s` + +[fork]: https://help.github.com/en/github/getting-started-with-github/fork-a-repo +[clone]: https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository +[create-pr]: https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork
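Review bot: In the new CONTRIBUTORS.md (PATCH 1/2), the file name suggests a list of contributors, but the content is a `## Policies` index linking to the other policy files. Consider moving this section into the README or renaming the file so the name matches what it holds. The list also links `CODE_OF_CONDUCT.md`, which this series does not add, so confirm that file already exists in the repository. The hunk ends with an empty added line that can be dropped.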
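Review bot: In SECURITY.md (PATCH 1/2), the line `The fingerprint is: ...` never says what the fingerprint belongs to, and "It can be obtained from a public key server" has no clear referent. State that this is the fingerprint of the OpenPGP key for security@buildpacks.io and that a key fetched from a key server must be compared against this fingerprint before it is used, since a key server does not vouch for who uploaded a key. The policy also speaks only of "Cloud Native Buildpacks products" while SUPPORT.md in the same patch addresses the kpack community, so say explicitly that the address covers this repository.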
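Review bot: In SUPPORT.md (PATCH 1/2), the GitHub Issues section sends readers to "one of the other channels described below", but only one channel (Slack) follows. Either list the other channels or reword to refer to the Slack channel alone. The sentence ending `reproduces the problem..` has a doubled period, and the `##` headings in this file are not followed by a blank line as they are in SECURITY.md and CONTRIBUTORS.md.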
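Review bot: In CONTRIBUTING.md (PATCH 2/2), the hunk deletes the Contributor License Agreement sentence and replaces it with a DCO sign-off requirement, but the commit subject ("updating contributing.md file") does not say the CLA is being retired. Record that decision in the commit message, or keep the CLA sentence if it still applies. The wording "The signature should look as such" and "`git` can automatically add the signature" describes the `Signed-off-by:` trailer that `git commit -s` appends, which is not a cryptographic signature (that is `git commit -S`), so call it a sign-off line throughout to avoid implying commits are verified. Also fix "is a follows" to "is as follows" and link developercertificate.org over https rather than http.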