mirror of
https://github.com/PowerShell/PowerShell.git
synced 2024-11-26 19:34:22 +08:00
Update Code of Conduct and Security Policy (#23811)
Updates the readme, code of conduct and security policy per OSPO request.
This commit is contained in:
parent
bd8b0bd421
commit
7ec8e4ed8f
15
.github/CONTRIBUTING.md
vendored
15
.github/CONTRIBUTING.md
vendored
@ -73,13 +73,13 @@ made.
|
|||||||
In most cases, it means "one clause/idea per line".
|
In most cases, it means "one clause/idea per line".
|
||||||
* Otherwise, these issues should be treated like any other issue in this repository.
|
* Otherwise, these issues should be treated like any other issue in this repository.
|
||||||
|
|
||||||
#### Spellchecking documentation
|
#### Spell checking documentation
|
||||||
|
|
||||||
Documentation is spellchecked. We use the
|
Documentation is spellchecked. We use the
|
||||||
[textlint](https://github.com/textlint/textlint/wiki/Collection-of-textlint-rule) command-line tool,
|
[textlint](https://github.com/textlint/textlint/wiki/Collection-of-textlint-rule) command-line tool,
|
||||||
which can be run in interactive mode to correct typos.
|
which can be run in interactive mode to correct typos.
|
||||||
|
|
||||||
To run the spellchecker, follow these steps:
|
To run the spell checker, follow these steps:
|
||||||
|
|
||||||
* install [Node.js](https://nodejs.org/en/) (v10 or up)
|
* install [Node.js](https://nodejs.org/en/) (v10 or up)
|
||||||
* install [textlint](https://github.com/textlint/textlint/wiki/Collection-of-textlint-rule) by
|
* install [textlint](https://github.com/textlint/textlint/wiki/Collection-of-textlint-rule) by
|
||||||
@ -169,7 +169,7 @@ Additional references:
|
|||||||
A better example is: "Add Ensure parameter to New-Item cmdlet", with "Fix #5" in the PR's body.
|
A better example is: "Add Ensure parameter to New-Item cmdlet", with "Fix #5" in the PR's body.
|
||||||
* When you create a pull request,
|
* When you create a pull request,
|
||||||
include a summary about your changes in the PR description.
|
include a summary about your changes in the PR description.
|
||||||
The description is used to create change logs,
|
The description is used to create changelogs,
|
||||||
so try to have the first sentence explain the benefit to end users.
|
so try to have the first sentence explain the benefit to end users.
|
||||||
If the changes are related to an existing GitHub issue,
|
If the changes are related to an existing GitHub issue,
|
||||||
please reference the issue in the PR description (e.g. ```Fix #11```).
|
please reference the issue in the PR description (e.g. ```Fix #11```).
|
||||||
@ -234,8 +234,8 @@ Additional references:
|
|||||||
* After submitting your pull request,
|
* After submitting your pull request,
|
||||||
our [CI system (Azure DevOps Pipelines)][ci-system]
|
our [CI system (Azure DevOps Pipelines)][ci-system]
|
||||||
will run a suite of tests and automatically update the status of the pull request.
|
will run a suite of tests and automatically update the status of the pull request.
|
||||||
* Our CI contains automated spellchecking and link checking for Markdown files. If there is any false-positive,
|
* Our CI contains automated spell checking and link checking for Markdown files. If there is any false-positive,
|
||||||
[run the spellchecker command-line tool in interactive mode](#spellchecking-documentation)
|
[run the spell checker command-line tool in interactive mode](#spell-checking-documentation)
|
||||||
to add words to the `.spelling` file.
|
to add words to the `.spelling` file.
|
||||||
* Our packaging test may not pass and ask you to update `files.wxs` file if you add/remove/update nuget package references or add/remove assert files.
|
* Our packaging test may not pass and ask you to update `files.wxs` file if you add/remove/update nuget package references or add/remove assert files.
|
||||||
|
|
||||||
@ -382,8 +382,8 @@ Once you sign a CLA, all your existing and future pull requests will have the st
|
|||||||
|
|
||||||
## Code of Conduct Enforcement
|
## Code of Conduct Enforcement
|
||||||
|
|
||||||
Reports of abuse will be reviewed by the PS-Committee and if it has been determined that violations of the
|
Reports of abuse will be reviewed by the [PowerShell Committee][ps-committee] and if it has been determined that violations of the
|
||||||
Code of Conduct has occurred, then a temporary ban may be imposed.
|
[Code of Conduct](../CODE_OF_CONDUCT.md) has occurred, then a temporary ban may be imposed.
|
||||||
The duration of the temporary ban will depend on the impact and/or severity of the infraction.
|
The duration of the temporary ban will depend on the impact and/or severity of the infraction.
|
||||||
This can vary from 1 day, a few days, a week, and up to 30 days.
|
This can vary from 1 day, a few days, a week, and up to 30 days.
|
||||||
Repeat offenses may result in a permanent ban from the PowerShell org.
|
Repeat offenses may result in a permanent ban from the PowerShell org.
|
||||||
@ -409,3 +409,4 @@ Repeat offenses may result in a permanent ban from the PowerShell org.
|
|||||||
[coding-guidelines]: ../docs/dev-process/coding-guidelines.md
|
[coding-guidelines]: ../docs/dev-process/coding-guidelines.md
|
||||||
[breaking-changes-contract]: ../docs/dev-process/breaking-change-contract.md
|
[breaking-changes-contract]: ../docs/dev-process/breaking-change-contract.md
|
||||||
[rfc-process]: https://github.com/PowerShell/PowerShell-RFC
|
[rfc-process]: https://github.com/PowerShell/PowerShell-RFC
|
||||||
|
[ps-committee]: ../docs/community/governance.md#powershell-committee
|
||||||
|
47
.github/SECURITY.md
vendored
47
.github/SECURITY.md
vendored
@ -1,12 +1,41 @@
|
|||||||
# Security Vulnerabilities
|
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.9 BLOCK -->
|
||||||
|
|
||||||
Security issues are treated very seriously and will, by default,
|
## Security
|
||||||
takes precedence over other considerations including usability, performance,
|
|
||||||
etc... Best effort will be used to mitigate side effects of a security
|
|
||||||
change, but PowerShell must be secure by default.
|
|
||||||
|
|
||||||
## Reporting a security vulnerability
|
Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin) and [PowerShell](https://github.com/PowerShell).
|
||||||
|
|
||||||
If you believe that there is a security vulnerability in PowerShell,
|
If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/security.md/definition), please report it to us as described below.
|
||||||
it **must** be reported using [https://aka.ms/secure-at](https://aka.ms/secure-at) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
|
|
||||||
**Only** file an issue, if [MSRC](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue?rtc=1) has confirmed filing an issue is appropriate.
|
## Reporting Security Issues
|
||||||
|
|
||||||
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
||||||
|
|
||||||
|
Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/security.md/msrc/create-report).
|
||||||
|
|
||||||
|
If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp).
|
||||||
|
|
||||||
|
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
|
||||||
|
|
||||||
|
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
|
||||||
|
|
||||||
|
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
|
||||||
|
* Full paths of source file(s) related to the manifestation of the issue
|
||||||
|
* The location of the affected source code (tag/branch/commit or direct URL)
|
||||||
|
* Any special configuration required to reproduce the issue
|
||||||
|
* Step-by-step instructions to reproduce the issue
|
||||||
|
* Proof-of-concept or exploit code (if possible)
|
||||||
|
* Impact of the issue, including how an attacker might exploit the issue
|
||||||
|
|
||||||
|
This information will help us triage your report more quickly.
|
||||||
|
|
||||||
|
If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty) page for more details about our active programs.
|
||||||
|
|
||||||
|
## Preferred Languages
|
||||||
|
|
||||||
|
We prefer all communications to be in English.
|
||||||
|
|
||||||
|
## Policy
|
||||||
|
|
||||||
|
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd).
|
||||||
|
|
||||||
|
<!-- END MICROSOFT SECURITY.MD BLOCK -->
|
||||||
|
1
.markdownlintignore
Normal file
1
.markdownlintignore
Normal file
@ -0,0 +1 @@
|
|||||||
|
.github/SECURITY.md
|
@ -1,8 +1,10 @@
|
|||||||
# Code of Conduct
|
# Microsoft Open Source Code of Conduct
|
||||||
|
|
||||||
This project has adopted the [Microsoft Open Source Code of Conduct][conduct-code].
|
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
|
||||||
For more information see the [Code of Conduct FAQ][conduct-FAQ] or contact [opencode@microsoft.com][conduct-email] with any additional questions or comments.
|
|
||||||
|
|
||||||
[conduct-code]: https://opensource.microsoft.com/codeofconduct/
|
Resources:
|
||||||
[conduct-FAQ]: https://opensource.microsoft.com/codeofconduct/faq/
|
|
||||||
[conduct-email]: mailto:opencode@microsoft.com
|
- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
|
||||||
|
- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
|
||||||
|
- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
|
||||||
|
- Employees can reach out at [aka.ms/opensource/moderation-support](https://aka.ms/opensource/moderation-support)
|
||||||
|
12
README.md
12
README.md
@ -139,12 +139,10 @@ The governance policy for the PowerShell project is described the [PowerShell Go
|
|||||||
|
|
||||||
[gov]: https://github.com/PowerShell/PowerShell/blob/master/docs/community/governance.md
|
[gov]: https://github.com/PowerShell/PowerShell/blob/master/docs/community/governance.md
|
||||||
|
|
||||||
## [Code of Conduct][conduct-md]
|
## [Code of Conduct](CODE_OF_CONDUCT.md)
|
||||||
|
|
||||||
This project has adopted the [Microsoft Open Source Code of Conduct][conduct-code].
|
Please see our [Code of Conduct](CODE_OF_CONDUCT.md) before participating in this project.
|
||||||
For more information, see the [Code of Conduct FAQ][conduct-FAQ] or contact [opencode@microsoft.com][conduct-email] with any additional questions or comments.
|
|
||||||
|
|
||||||
[conduct-code]: https://opensource.microsoft.com/codeofconduct/
|
## [Security Policy](.github/SECURITY.md)
|
||||||
[conduct-FAQ]: https://opensource.microsoft.com/codeofconduct/faq/
|
|
||||||
[conduct-email]: mailto:opencode@microsoft.com
|
For any security issues, please see our [Security Policy](.github/SECURITY.md).
|
||||||
[conduct-md]: https://github.com/PowerShell/PowerShell/tree/master/CODE_OF_CONDUCT.md
|
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
approving [RFCs][RFC-repo], and approving new maintainers/committee members
|
approving [RFCs][RFC-repo], and approving new maintainers/committee members
|
||||||
* [**Repository maintainer**](#repository-maintainers): An individual responsible for merging pull requests (PRs) into `master` when all requirements are met (code review, tests, docs, and RFC approval as applicable).
|
* [**Repository maintainer**](#repository-maintainers): An individual responsible for merging pull requests (PRs) into `master` when all requirements are met (code review, tests, docs, and RFC approval as applicable).
|
||||||
Repository Maintainers are the only people with write permissions for the `master` branch.
|
Repository Maintainers are the only people with write permissions for the `master` branch.
|
||||||
* [**Working Groups (WGs)**](#working-groups-(wgs)) are collections of contributors responsible for
|
* [**Working Groups (WGs)**](#working-groups) are collections of contributors responsible for
|
||||||
providing expertise on a specific area of PowerShell in order to help establish consensus within
|
providing expertise on a specific area of PowerShell in order to help establish consensus within
|
||||||
the community and Committee.
|
the community and Committee.
|
||||||
* **Corporation**: The Corporation owns the PowerShell repository and, under extreme circumstances,
|
* **Corporation**: The Corporation owns the PowerShell repository and, under extreme circumstances,
|
||||||
@ -58,15 +58,16 @@ If any Committee Members feels like this behavior is large enough to warrant an
|
|||||||
|
|
||||||
As a PowerShell Committee Member:
|
As a PowerShell Committee Member:
|
||||||
|
|
||||||
|
1. **DO** enforce the [Code of Conduct][coc] by taking reports of abuse and violations to the committee for resolution
|
||||||
1. **DO** reply to issues and pull requests with design opinions
|
1. **DO** reply to issues and pull requests with design opinions
|
||||||
(this could include offering support for good work or exciting new features)
|
(this could include offering support for good work or exciting new features)
|
||||||
1. **DO** encourage healthy discussion about the direction of PowerShell
|
1. **DO** encourage healthy discussion about the direction of PowerShell
|
||||||
1. **DO** raise "red flags" on PRs that haven't followed the proper RFC process when applicable
|
1. **DO** raise "red flags" on PRs that haven't followed the proper RFC process when applicable
|
||||||
1. **DO** contribute to documentation and best practices
|
1. **DO** contribute to documentation and best practices
|
||||||
1. **DO** maintain a presence in the PowerShell community outside of GitHub (Twitter, blogs, StackOverflow, Reddit, Hacker News, etc.)
|
1. **DO** maintain a presence in the PowerShell community outside of GitHub (Twitter, blogs, Stack Overflow, Reddit, Hacker News, etc.)
|
||||||
1. **DO** heavily incorporate community feedback into the weight of your decisions
|
1. **DO** heavily incorporate community feedback into the weight of your decisions
|
||||||
1. **DO** be polite and respectful to a wide variety of opinions and perspectives
|
1. **DO** be polite and respectful to a wide variety of opinions and perspectives
|
||||||
1. **DO** make sure contributors are following the [contributor guidelines](../../.github/CONTRIBUTING.md)
|
1. **DO** make sure contributors are following the [contributing guidelines](../../.github/CONTRIBUTING.md)
|
||||||
|
|
||||||
1. **DON'T** constantly raise "red flags" for unimportant or minor problems to the point that the progress of the project is being slowed
|
1. **DON'T** constantly raise "red flags" for unimportant or minor problems to the point that the progress of the project is being slowed
|
||||||
1. **DON'T** offer up your opinions as the absolute opinion of the PowerShell Committee.
|
1. **DON'T** offer up your opinions as the absolute opinion of the PowerShell Committee.
|
||||||
@ -82,6 +83,19 @@ At any point in time, a Committee Member can nominate a strong community member
|
|||||||
Nominations should be submitted in the form of [RFCs][RFC-repo] detailing why that individual is qualified and how they will contribute.
|
Nominations should be submitted in the form of [RFCs][RFC-repo] detailing why that individual is qualified and how they will contribute.
|
||||||
After the RFC has been discussed, a unanimous vote will be required for the new Committee Member to be confirmed.
|
After the RFC has been discussed, a unanimous vote will be required for the new Committee Member to be confirmed.
|
||||||
|
|
||||||
|
### PowerShell Committee Code of Conduct Enforcement
|
||||||
|
|
||||||
|
As stated in the [contributing guidelines](../../.github/CONTRIBUTING.md#code-of-conduct-enforcement):
|
||||||
|
|
||||||
|
Reports of abuse will be reviewed by the PowerShell Committee and if it has been determined that violations of the
|
||||||
|
[Code of Conduct][coc] has occurred, then a temporary ban may be imposed.
|
||||||
|
The duration of the temporary ban will depend on the impact and/or severity of the infraction.
|
||||||
|
This can vary from 1 day, a few days, a week, and up to 30 days.
|
||||||
|
Repeat offenses may result in a permanent ban from the PowerShell org.
|
||||||
|
|
||||||
|
Microsoft employees on the PowerShell committee should review the available support at
|
||||||
|
[aka.ms/opensource/moderation-support](https://aka.ms/opensource/moderation-support).
|
||||||
|
|
||||||
## Repository Maintainers
|
## Repository Maintainers
|
||||||
|
|
||||||
Repository Maintainers are trusted stewards of the PowerShell community/repository responsible for maintaining consistency and quality of PowerShell code.
|
Repository Maintainers are trusted stewards of the PowerShell community/repository responsible for maintaining consistency and quality of PowerShell code.
|
||||||
@ -89,7 +103,7 @@ One of their primary responsibilities is merging pull requests after all require
|
|||||||
|
|
||||||
For more information on Repository Maintainers--their responsibilities, who they are, and how one becomes a Maintainer--see the [README for Repository Maintainers][maintainers].
|
For more information on Repository Maintainers--their responsibilities, who they are, and how one becomes a Maintainer--see the [README for Repository Maintainers][maintainers].
|
||||||
|
|
||||||
## Working Groups (WGs)
|
## Working Groups
|
||||||
|
|
||||||
[Working Groups (WGs)][wg] are collections of contributors with knowledge of specific components or
|
[Working Groups (WGs)][wg] are collections of contributors with knowledge of specific components or
|
||||||
technologies in the PowerShell domain.
|
technologies in the PowerShell domain.
|
||||||
@ -143,6 +157,7 @@ See our [Pull Request Process][pull-request-process]
|
|||||||
[pester]: ../testing-guidelines/WritingPesterTests.md
|
[pester]: ../testing-guidelines/WritingPesterTests.md
|
||||||
[breaking-changes]: ../dev-process/breaking-change-contract.md
|
[breaking-changes]: ../dev-process/breaking-change-contract.md
|
||||||
[issue-process]: ../maintainers/issue-management.md
|
[issue-process]: ../maintainers/issue-management.md
|
||||||
|
[coc]: ../../CODE_OF_CONDUCT.md
|
||||||
[pull-request-process]: ../../.github/CONTRIBUTING.md#lifecycle-of-a-pull-request
|
[pull-request-process]: ../../.github/CONTRIBUTING.md#lifecycle-of-a-pull-request
|
||||||
[docs-contributing]: https://github.com/PowerShell/PowerShell-Docs/blob/staging/CONTRIBUTING.md
|
[docs-contributing]: https://github.com/PowerShell/PowerShell-Docs/blob/staging/CONTRIBUTING.md
|
||||||
[maintainers]: ../maintainers/README.md
|
[maintainers]: ../maintainers/README.md
|
||||||
|
@ -15,7 +15,6 @@ They have [write access](https://docs.github.com/en/free-pro-team@latest/github/
|
|||||||
- [Repository Maintainer Responsibilities](#repository-maintainer-responsibilities)
|
- [Repository Maintainer Responsibilities](#repository-maintainer-responsibilities)
|
||||||
- [Issue Management Process](#issue-management-process)
|
- [Issue Management Process](#issue-management-process)
|
||||||
- [Pull Request Workflow](#pull-request-workflow)
|
- [Pull Request Workflow](#pull-request-workflow)
|
||||||
- [Abandoned Pull Requests](#abandoned-pull-requests)
|
|
||||||
- [Becoming a Repository Maintainer](#becoming-a-repository-maintainer)
|
- [Becoming a Repository Maintainer](#becoming-a-repository-maintainer)
|
||||||
|
|
||||||
## Current Repository Maintainers
|
## Current Repository Maintainers
|
||||||
@ -33,7 +32,7 @@ They have [write access](https://docs.github.com/en/free-pro-team@latest/github/
|
|||||||
|
|
||||||
<!-- please keep in alphabetical order -->
|
<!-- please keep in alphabetical order -->
|
||||||
|
|
||||||
- Andy Schwartzmeyer ([andschwa](https://github.com/andschwa))
|
- Andy Jordan ([andyleejordan](https://github.com/andyleejordan))
|
||||||
- Jason Shirk ([lzybkr](https://github.com/lzybkr))
|
- Jason Shirk ([lzybkr](https://github.com/lzybkr))
|
||||||
- Mike Richmond ([mirichmo](https://github.com/mirichmo))
|
- Mike Richmond ([mirichmo](https://github.com/mirichmo))
|
||||||
- Sergei Vorobev ([vors](https://github.com/vors))
|
- Sergei Vorobev ([vors](https://github.com/vors))
|
||||||
@ -44,6 +43,7 @@ Repository Maintainers enable rapid contributions while maintaining a high level
|
|||||||
|
|
||||||
If you are a Repository Maintainer, you:
|
If you are a Repository Maintainer, you:
|
||||||
|
|
||||||
|
1. **MUST** abide by the [Code of Conduct](../../CODE_OF_CONDUCT.md) and report suspected violations to the [PowerShell Committee][ps-committee]
|
||||||
1. **MUST** ensure that each contributor has signed a valid Microsoft Contributor License Agreement (CLA)
|
1. **MUST** ensure that each contributor has signed a valid Microsoft Contributor License Agreement (CLA)
|
||||||
1. **MUST** verify compliance with any third party code license terms (e.g., requiring attribution, etc.) if the contribution contains third party code.
|
1. **MUST** verify compliance with any third party code license terms (e.g., requiring attribution, etc.) if the contribution contains third party code.
|
||||||
1. **MUST** make sure that [any change requiring approval from the PowerShell Committee](../community/governance.md#changes-that-require-an-rfc) has gone through the proper [RFC][RFC-repo] or approval process
|
1. **MUST** make sure that [any change requiring approval from the PowerShell Committee](../community/governance.md#changes-that-require-an-rfc) has gone through the proper [RFC][RFC-repo] or approval process
|
||||||
@ -96,10 +96,11 @@ At any point in time, the existing Repository Maintainers can unanimously nomina
|
|||||||
Nominations are brought to the PowerShell Committee to understand the reasons and justification.
|
Nominations are brought to the PowerShell Committee to understand the reasons and justification.
|
||||||
A simple majority of the PowerShell Committee is required to veto the nomination.
|
A simple majority of the PowerShell Committee is required to veto the nomination.
|
||||||
When a nominee has been approved, a PR will be submitted by a current Maintainer to update this document to add the nominee's name to
|
When a nominee has been approved, a PR will be submitted by a current Maintainer to update this document to add the nominee's name to
|
||||||
the [Current Repository Maintainers](#Current-Repository-Maintainers) with justification as the description of the PR to serve as the public announcement.
|
the [Current Repository Maintainers](#current-repository-maintainers) with justification as the description of the PR to serve as the public announcement.
|
||||||
|
|
||||||
[RFC-repo]: https://github.com/PowerShell/PowerShell-RFC
|
[RFC-repo]: https://github.com/PowerShell/PowerShell-RFC
|
||||||
[ci-system]: ../testing-guidelines/testing-guidelines.md#ci-system
|
[ci-system]: ../testing-guidelines/testing-guidelines.md#ci-system
|
||||||
[issue-management]: issue-management.md
|
[issue-management]: issue-management.md
|
||||||
[CONTRIBUTING]: ../../.github/CONTRIBUTING.md
|
[CONTRIBUTING]: ../../.github/CONTRIBUTING.md
|
||||||
[best-practice]: best-practice.md
|
[best-practice]: best-practice.md
|
||||||
|
[ps-committee]: ../community/governance.md#powershell-committee
|
||||||
|
Loading…
Reference in New Issue
Block a user