DOC: Add maintainer, contribution, governance info to README

some of which is required for the Core Infrastructure Initiative
badge. (It's also just nice.)

PROJECT.md

@@ -0,0 +1,69 @@
+# Maintainers
+
+The project is currently managed by Justin Cappos at New York University.
+
+Consensus Builder:
+
+  Justin Cappos
+    Email: jcappos@nyu.edu
+    GitHub username: @JustinCappos
+    PGP fingerprint: E9C0 59EC 0D32 64FA B35F  94AD 465B F9F6 F8EB 475A
+
+
+Maintainers:
+
+  Sebastien Awwad
+    Email: sebastien.awwad@gmail.com
+    GitHub username: @awwad
+    PGP fingerprint: C2FB 9C91 0758 B682 7BC4  3233 BC0C 6DED D5E5 CC03
+
+  Vladimir Diaz
+    Email: vladimir.diaz@nyu.edu
+    GitHub username: @vladimir-v-diaz
+    PGP fingerprint: 3E87 BB33 9378 BC7B 3DD0  E5B2 5DEE 9B97 B0E2 289A
+
+
+# Contributions
+
+We welcome a variety of different kinds of contributions.
+
+## Code Contributions
+If you would like to make contributions to this repository, for the reference
+implementation or the demonstration code (or the documentation here), you are
+encouraged to submit a GitHub pull request to this repository. Please follow
+[these development instructions](https://github.com/secure-systems-lab/lab-guidelines/blob/master/dev-workflow.md).
+Ideally, please include unit tests for any new software feature or change.
+
+Submitted pull requests undergo review and automated testing, including, but
+not limited to:
+* Unit and build testing via Travis CI
+* Review by one or more maintainers
+
+
+## Code Issues, Bugs, Feature Requests
+Issues with the reference implementation or demonstration code in this
+repository (e.g. bugs, feature requests, security issues specifically with the
+code)
+[should be noted in this repository as issues](https://github.com/secure-systems-lab/lab-guidelines/issues/new).
+
+
+## Security Audits
+We welcome security audits of the Uptane design. Please contact Justin Cappos
+and Sebastien Awwad via the contact information above.
+
+Uptane is defined in
+[the three documents listed here](README.md#design-documentation).
+
+Audits of TUF alone (which Uptane employs) should instead be submitted
+[per these
+instructions](https://github.com/theupdateframework/tuf/blob/develop/GOVERNANCE.md).
+
+
+## Design Contributions
+
+
+One can propose changes to the system design by submitting comments to the
+following documents (or contacting the uptane@googlegroups.com mailing list):
+- [Uptane Design](https://docs.google.com/document/d/1pBK--40BCg_ofww4GES0weYFB6tZRedAjUy6PJ4Rgzk),
+- [Uptane Implementation Specification](https://docs.google.com/document/d/1wjg3hl0iDLNh7jIRaHl3IXhwm0ssOtDje5NemyTBcaw), or
+- [Uptane Deployment Considerations](https://docs.google.com/document/d/17wOs-T7mugwte5_Dt-KLGMsp-3_yAARejpFmrAMefSE)

README.md

@@ -5,12 +5,16 @@ Reference Implementation and demonstration code
 [![Build Status](https://travis-ci.org/uptane/uptane.png)](https://travis-ci.org/uptane/uptane) [![Coverage Status](https://coveralls.io/repos/github/uptane/uptane/badge.svg)](https://coveralls.io/github/uptane/uptane?branch=develop)
 --------------------------------
 
+# Documentation
 Extensive documentation on design can be found in the following documents:
 
 * [Design Overview](https://docs.google.com/document/d/1pBK--40BCg_ofww4GES0weYFB6tZRedAjUy6PJ4Rgzk/edit?usp=sharing)
 * [Implementation Specification](https://docs.google.com/document/d/1wjg3hl0iDLNh7jIRaHl3IXhwm0ssOtDje5NemyTBcaw/edit?usp=sharing)
 * [Deployment Considerations](https://docs.google.com/document/d/17wOs-T7mugwte5_Dt-KLGMsp-3_yAARejpFmrAMefSE/edit?usp=sharing)
 
+The project's [maintainers, contribution policies, and how-tos for submitting
+issues, security audits, etc. are visible in PROJECT.md](PROJECT.md)
+
 
 # Instructions on use of the Uptane demonstration code