From 6ef3fd139b26610f8c6bf600db1e56c0a5cc82ba Mon Sep 17 00:00:00 2001 From: qwerty287 <80460567+qwerty287@users.noreply.github.com> Date: Sat, 13 Jan 2024 08:15:18 +0100 Subject: [PATCH] Remove contributing/security to use globally defined (#3192) Remove `CONTRIBUTING.md` and `SECURITY.md` to use those defined in https://github.com/woodpecker-ci/.github --- CONTRIBUTING.md | 79 ------------------------------------------------- SECURITY.md | 10 ------- 2 files changed, 89 deletions(-) delete mode 100644 CONTRIBUTING.md delete mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index e9235ef9f..000000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,79 +0,0 @@ -# Contributing - -## Maintainers - -To make sure every Pull Request (PR) is checked, we have **team maintainers**.\ -Every PR **MUST** be reviewed by at least **one** maintainer (or owner) before it can get merged.\ -A maintainer should be a contributor and contributed at least 4 accepted PRs. -A contributor should apply as a maintainer in the [Discord #develop](https://discord.gg/fcMQqSMXJy) or [Matrix Develop](https://matrix.to/#/#WoodpeckerCI-Develop:obermui.de) channel. -The owners or the team maintainers may invite the contributor. -A maintainer should spend some time on code reviews. - -If a maintainer has no time to do that, they should apply to leave the maintainers team and we will give them the honor of being a member of the -[advisors team](https://github.com/orgs/woodpecker-ci/teams/advisors/members). -Of course, if an advisor has time to code review, we will gladly welcome them back to the maintainers team. -If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team. - -For security reasons, Maintainers must use 2FA for their accounts and if possible provide GPG signed commits.\ - - - -## Owners - -Since Woodpecker is a pure community organization without any company support, to keep the development healthy we will elect two owners at the end of every year (December).\ -This can also happen when an owner proposes a vote or the majority of the maintainers do so.\ -All maintainers may vote to elect up to two candidates. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. -If an owner is unable to do so, the other owner will assist in ceding ownership to the newly elected owners. - -For security reasons, Owners must use 2FA.\ -([Docs: Securing your account with two-factor authentication](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa)) - -To honor the past owners, here's the history of the owners and the time they served: - -- 2024-01-01 ~ 2024-12-31 - - - - [6543](https://github.com/6543) - - [Anbraten](https://github.com/anbraten) - -- 2023-01-01 ~ 2023-12-31 - - - - [6543](https://github.com/6543) - - [Anbraten](https://github.com/anbraten) - -- 2021-09-28 ~ 2022-12-31 - - - - [6543](https://github.com/6543) - - [Anbraten](https://github.com/anbraten) - -- 2019-07-25 ~ 2021-09-28 - - [Laszlo Fogas](https://github.com/laszlocph) - -## Code Review - -Once code review starts on your PR, do not rebase nor squash your branch as it makes it -difficult to review the new changes. Only if there is a need, sync your branch by merging -the base branch into yours. Don't worry about merge commits messing up your tree as -the final merge process squashes all commits into one, with the visible commit message (first -line) being the PR title + PR index and description being the PR's first comment. - -Once your PR gets approved, don't worry about keeping it up-to-date or breaking -builds (unless there's a merge conflict or a request is made by a maintainer to make -modifications). It is the maintainer team's responsibility from this point to get it merged. - -## Releases - -We release a new version every four weeks and will release the current state of the `main` branch. -If there are security fixes or critical bug fixes, we'll release them directly. -There are no backports or similar. - -### Versioning - -We use [Semantic Versioning](https://semver.org/) to be able, -to communicate when admins have to do manual migration steps and when they can just bump versions up. - -### Breaking changes - -As of semver guidelines, breaking changes will be released as a major version. We will hold back -breaking changes to not release many majors each containing just a few breaking changes. -Prior to the release of a major version, a release candidate (RC) will be published to allow easy testing, -the actual release will be about a week later. diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 24517c843..000000000 --- a/SECURITY.md +++ /dev/null @@ -1,10 +0,0 @@ -# Security - -We take security seriously. -If you discover a security issue, please bring it to our attention right away! - -## Reporting a Vulnerability - -Please **DO NOT** file a public issue, instead send your report privately to [`security @ woodpecker-ci.org`](mailto:security@woodpecker-ci.org). - -Security reports are greatly appreciated, and we will publicly thank you for it. If you choose to remain anonymous, we will respect your request and keep your name confidential.