add positive feedback and security issues to guidelines

Positive feedback allows the community and passers-by to contribute in
a positive way without requiring any technical capabilities: just a
little thank you helps!

Security issues might be handled differently. Explicitly state we
follow responsible disclosure guidelines.

This comes from the ecdysis project.
This commit is contained in:
Antoine Beaupré 2018-03-26 09:50:45 -04:00
parent ca698de29d
commit 688a34f2cd
No known key found for this signature in database
GPG key ID: 3EA1DDDDB261D97B


@ -7,6 +7,16 @@ Before you participate in the community, you should also agree to
respect the code of conduct, shipped in `CODE_OF_CONDUCT.md` in the
source code.
# Positive feedback
Even if you have no changes, suggestions, documentation or bug reports
to submit, even just positive feedback like "it works" goes a long
way. It shows the project is being used and gives instant
gratification to contributors. So we welcome emails that tell us of
your positive experiences with the project or just thank you
notes. Contact maintainers directly or submit a closed issue with your
story. You can also send your "thanks" through <https://saythanks.io/>.
# Patches
Patches can be submitted through [pull requests][] on the
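Review bot: the new Positive feedback section tells readers to "Contact maintainers directly or submit a closed issue with your story" without saying where maintainer contact details are found, so the instruction is not actionable from this section alone; consider linking the maintainers list or address used elsewhere in the guidelines, and clarify whether "closed issue" means filing an issue and closing it yourself. Minor wording: "thank you notes" reads better hyphenated as "thank-you notes".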
@ -80,6 +90,24 @@ Issue triage is a useful contribution as well. You can review the
Note that some of those operations are available only to project
maintainers, see below for the different statuses.
## Security issues
Security issues should first be disclosed privately to the project
maintainers, which support receiving encrypted emails through the
usual OpenPGP key discovery mechanisms.
This project cannot currently afford bounties for security issues. We
would still ask that you coordinate disclosure, giving the project a
reasonable delay to produce a fix and prepare a release before public
disclosure.
Public recognition will be given to reporters security issues if
desired. We otherwise agree with the [Disclosure Guidelines][] of the
[HackerOne project][], at the time of writing.
[Disclosure Guidelines]: https://www.hackerone.com/disclosure-guidelines
[HackerOne project]: https://www.hackerone.com/
# Membership
There are three levels of membership in the project, Administrator
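Review bot: the Security issues section gives no concrete contact address, key fingerprint or maximum embargo period, so a reporter cannot act on "disclosed privately to the project maintainers" or judge what "a reasonable delay" means; consider stating the contact point (or pointing to a SECURITY.md) and an explicit upper bound on the time before public disclosure. Grammar in the same hunk: "maintainers, which support receiving encrypted emails" should be "maintainers, who support receiving encrypted emails", and "reporters security issues" is missing "of".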