Add Support and Security metadata pages #1
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # Security Policy | ||
|
|
||
| ## Reporting Security Issues | ||
|
|
||
| You can submit any security issue or suspected vulnerability | ||
| on the GitHub Security pages of the project. | ||
| Please do **NOT** use public GitHub Issues for reporting vulnerabilities. | ||
|
|
||
| ## Bug Bounty | ||
|
|
||
| Unless documented explicitly, | ||
| GradleUp projects are not a part of | ||
| any security bug bounty program and, | ||
| as of now, of any other program. | ||
|
|
||
| For confirmed issues, we will be happy to credit you in the public Security Advisory and on social media. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # Support for GradleUp projects | ||
|
|
||
| Any bug reports, feature requests and comments are welcome! | ||
| The project keeps evolving, | ||
| and any feedback from end users and developers will be appreciated. | ||
|
|
||
| ## Raising Issues and Feature Requests | ||
|
|
||
| Use GitHub Issues. | ||
| Note that it may take some time to get a response, thanks for your patience. | ||
| Contributions are always welcome, see the Contributor Guidelines. | ||
|
|
||
| ## Reporting Security Issues | ||
|
|
||
| Please do NOT use public GitHub Issues for reporting vulnerabilities. | ||
| You can submit any security issue or suspected vulnerability on GitHub Security pages, | ||
| which are available in project repositories. | ||
| Read More - [Security Policy](./SECURITY.md). | ||
|
|
||
| ## Setting Expectations | ||
|
|
||
| GradleUp is a community driven project, | ||
| most of contributors and maintainers invest their personal time. | ||
| We do not guarantee a response or resolution | ||
| time for the submitted issues. | ||
| As it is written in the Apache License v2: | ||
|
Comment on lines
+22
to
+26
|
||
|
|
||
| > Licensor provides the Work (and each Contributor provides its Contributions) | ||
| > on an "AS IS" BASIS, | ||
| > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | ||
| > implied, including, without limitation, any warranties or conditions | ||
| > of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A | ||
| > PARTICULAR PURPOSE. You are solely responsible for determining the | ||
| > appropriateness of using or redistributing the Work and assume any | ||
| > risks associated with Your exercise of permissions under this License. | ||
|
|
||
| ## Commercial Support and Customization | ||
|
|
||
| The GradleUp projects prioritize the community support with a best effort, | ||
| but do not provide any guarantees or SLAs. | ||
| Maintainers of the GradleUp projects **might** be available for additional consulting. | ||
| Do not hesitate reaching out to them. | ||
|
|
||
| **Protip:** Supporting the work of maintainers and contributors on GitHub Sponsors and other platforms is always appreciated. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like I'm missing something here. I would expect
[email protected]here. Or is there a way to have some kind of "private issues" in GitHub for security?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Turns out we can turn private issue reporting for vulnerabilites
https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! TIL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is something we should add to the project onboarding checklist IMHO.
But yeah, it becomes a useful thing for small projects
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Raised GradleUp/gradleup.github.io#2 for now