From 5123e635e8a569b315405122adf0bc3f2dbd33a3 Mon Sep 17 00:00:00 2001 From: Oleksandra Pavlusieva Date: Wed, 8 Feb 2023 21:49:36 +0200 Subject: [PATCH 1/3] Update CONTRIBUTING.md and README.md added Code of conduct to CONTRIBUTING.md and updated a link to OCA --- CONTRIBUTING.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1e6a4af..d3d6bee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,7 +5,7 @@ Oracle welcomes contributions to this repository from anyone. If you want to sub ## Contributing to the zfssa-csi-driver repository Pull requests can be made under -[The Oracle Contributor Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) (OCA). +[The Oracle Contributor Agreement](https://oca.opensource.oracle.com) (OCA). For pull requests to be accepted, the bottom of your commit message must have the following line using your name and e-mail address as it appears in the @@ -36,3 +36,10 @@ by your fix. what your changes are meant to do and provide simple steps on how to validate your changes. Ensure that you reference the issue you created as well. We will assign the pull request to 2-3 people for review before it is merged. + +## Code of conduct + +Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd +like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC]. + +[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/ From ffc51cec5e189a2b0838cb0f8651d192636fc751 Mon Sep 17 00:00:00 2001 From: Oleksandra Pavlusieva Date: Wed, 8 Feb 2023 21:53:31 +0200 Subject: [PATCH 2/3] Update Security.md updated Security.md according to https://github.com/oracle/template-repo/blob/main/SECURITY.md --- SECURITY.md | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2cea12b..fb23841 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,17 +1,38 @@ -# Reporting Security Vulnerabilities +# Reporting security vulnerabilities -Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. +Oracle values the independent security research community and believes that +responsible disclosure of security vulnerabilities helps us ensure the security +and privacy of all our users. -Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email. +Please do NOT raise a GitHub Issue to report a security vulnerability. If you +believe you have found a security vulnerability, please submit a report to +[secalert_us@oracle.com][1] preferably with a proof of concept. Please review +some additional information on [how to report security vulnerabilities to Oracle][2]. +We encourage people who contact Oracle Security to use email encryption using +[our encryption key][3]. -We ask that you do not use other channels or contact project contributors directly. +We ask that you do not use other channels or contact the project maintainers +directly. -Non-vulnerability related security issues such as new great new ideas for security features are welcome on GitHub Issues. +Non-vulnerability related security issues including ideas for new or improved +security features are welcome on GitHub Issues. -## Security Updates, Alerts and Bulletins +## Security updates, alerts and bulletins -Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page. +Security updates will be released on a regular cadence. Many of our projects +will typically release security fixes in conjunction with the +[Oracle Critical Patch Update][3] program. Additional +information, including past advisories, is available on our [security alerts][4] +page. -## Security-Related Information +## Security-related information -We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use. +We will provide security related information such as a threat model, considerations +for secure use, or any known security issues in our documentation. Please note +that labs and sample code are intended to demonstrate a concept and may not be +sufficiently hardened for production use. + +[1]: mailto:secalert_us@oracle.com +[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html +[3]: https://www.oracle.com/security-alerts/encryptionkey.html +[4]: https://www.oracle.com/security-alerts/ From ac5af51e7cba30c80114adfd2f4db7bc922f7fa4 Mon Sep 17 00:00:00 2001 From: Oleksandra Pavlusieva Date: Wed, 8 Feb 2023 21:56:43 +0200 Subject: [PATCH 3/3] Update README.md added License section to README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 8480582..f238b6d 100644 --- a/README.md +++ b/README.md @@ -104,3 +104,10 @@ this driver. ## Contributing See [CONTRIBUTING](./CONTRIBUTING.md) for details. + +## License + +Copyright (c) 2021 Oracle and/or its affiliates. + +Released under the Universal Permissive License v1.0 as shown at +.