From d9cb6b1e561dd03d7b83cc2ea34ef201da0f4de9 Mon Sep 17 00:00:00 2001 From: Anthony Tuininga Date: Tue, 8 Dec 2020 11:58:14 -0700 Subject: [PATCH] Update templates. --- .github/SECURITY.md | 14 +++++++++++--- CONTRIBUTING.md | 42 +++++++++++++++++++++++++++++++----------- 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 4d7b07c..91c3b6f 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,5 +1,13 @@ -# Python cx_Oracle Security +# Reporting Security Vulnerabilities -## Reporting a Vulnerability +Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. -See https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html for how to report security issues. +Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email. + +We ask that you do not use other channels or contact project contributors directly. + +Non-vulnerability related security issues such as great new ideas for security features are welcome on GitHub Issues. + +## Security-Related Information + +We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index cfdfb90..c92f3e9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,24 +1,44 @@ -# Contributing to cx_Oracle +# Contributing -*Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.* +We welcome your contributions! There are multiple ways to contribute. -Pull requests can be made under -[The Oracle Contributor Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) -(OCA). +## Issues -For pull requests to be accepted into cx_Oracle, the bottom of -your commit message must have the following line using your name and -e-mail address as it appears in the OCA Signatories list. +For bugs or enhancement requests, please file a GitHub issue unless it's security related. When filing a bug remember that the better written the bug is, the more likely it is to be fixed. If you think you've found a security vulnerability, do not raise a GitHub issue and follow the instructions on our [Security Policy](./.github/SECURITY.md). -``` +## Contributing Code + +We welcome your code contributions. To get started, you will need to sign the [Oracle Contributor Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) (OCA). + +For pull requests to be accepted, the bottom of your commit message must have +the following line using the name and e-mail address you used for the OCA. + +```text 
Signed-off-by: Your Name ``` This can be automatically added to pull requests by committing with: -``` +```text git commit --signoff -```` +``` Only pull requests from committers that can be verified as having signed the OCA can be accepted. + +### Pull request process + +1. Fork this repository +1. Create a branch in your fork to implement the changes. We recommend using +the issue number as part of your branch name, e.g. `1234-fixes` +1. Ensure that any documentation is updated with the changes that are required +by your fix. +1. Ensure that any samples are updated if the base image has been changed. +1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly +what your changes are meant to do and provide simple steps on how to validate +your changes. Ensure that you reference the issue you created as well. +1. We will review your PR before it is merged. + +## Code of Conduct + +Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd like more specific guidelines see the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/version/1/4/code-of-conduct/)
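Review bot: in the .github/SECURITY.md hunk, the new "Security-Related Information" section promises a threat model, considerations for secure use and known security issues "in our documentation" but gives no link, so a reader arriving from GitHub's security tab has nowhere to go; add a link to that documentation next to the existing reporting link. Two wording points in the same hunk: "security related information" and "Non-vulnerability related security issues" both read better hyphenated ("security-related", "Non-vulnerability-related"). The heading also drops the project name ("# Python cx_Oracle Security" becomes "# Reporting Security Vulnerabilities"), which fits the "Update templates" intent of the commit but is worth confirming as deliberate, since the file no longer says which project it covers.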
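Review bot: in the CONTRIBUTING.md hunk, step 4 of the new pull request process, "Ensure that any samples are updated if the base image has been changed", refers to a base image, which has no meaning for this repository (the removed heading shows it is cx_Oracle, a Python module, not a container image); this reads as text carried over from another repository's template and should be dropped or reworded for this project. Two smaller points: "do not raise a GitHub issue and follow the instructions on our Security Policy" can be read as telling the reader not to do either; "do not raise a GitHub issue; instead follow the instructions ..." is unambiguous. The hunk also removes the "Copyright (c) 2017, Oracle and/or its affiliates" line without a replacement; confirm that dropping the copyright notice from CONTRIBUTING.md is intended. Replacing the stray four-backtick fence after `git commit --signoff` with a proper three-backtick close is a good fix.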