From 4bf2cdd505c29f1e435ea94d2511963d85bed8c6 Mon Sep 17 00:00:00 2001 From: "Adam J. Stewart" Date: Mon, 13 Jan 2025 14:17:10 +0100 Subject: [PATCH] Update existing Microsoft policies to MVG --- .github/CODE_OF_CONDUCT.md | 10 ++++----- .github/CONTRIBUTING.md | 17 +++++++++++--- .github/GOVERNANCE.md | 2 +- .github/MAINTAINERS.md | 2 +- .github/SECURITY.md | 45 ++++++++++---------------------------- .github/SUPPORT.md | 4 ---- README.md | 2 +- 7 files changed, 34 insertions(+), 48 deletions(-) diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md index f9ba8cf65f3..6f451e74163 100644 --- a/.github/CODE_OF_CONDUCT.md +++ b/.github/CODE_OF_CONDUCT.md @@ -1,9 +1,9 @@ -# Microsoft Open Source Code of Conduct +# Contributor Covenant Code of Conduct -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). +This project has adopted the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/). Resources: -- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) -- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) -- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns +- [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) +- [Contributor Covenant Code of Conduct FAQ](https://www.contributor-covenant.org/faq/) +- Contact @adamjstewart on Slack with questions or concerns diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 13d839a5c09..3141be885ae 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md 
@@ -1,10 +1,21 @@ # Contributing -This Project welcomes contributions, suggestions, and feedback. All contributions, suggestions, and feedback you submitted are accepted under the [Project's license](./LICENSE.md). You represent that if you do not own copyright in the code that you have the authority to submit it under the [Project's license](./LICENSE.md). All feedback, suggestions, or contributions are not confidential. +This Project welcomes contributions, suggestions, and feedback. All contributions, suggestions, and feedback you submitted are accepted under the [Project's license](../LICENSE). You represent that if you do not own copyright in the code that you have the authority to submit it under the [Project's license](../LICENSE). All feedback, suggestions, or contributions are not confidential. -[Should be further filled in by the project - including defining the requirements to reach maintainer status] +TorchGeo is an open-source project built by contributors like you from around the world. If you find a bug or would like to add a new feature, please open a pull request. For further information on how to contribute, including topics like: -The Project abides by the Organization's [code of conduct](../org-docs/CODE-OF-CONDUCT.md) and [trademark policy](../org-docs/TRADEMARKS.md). +- using git, +- licensing requirements, +- writing and running unit tests, +- running linters, +- building the documentation, and +- adding new datasets, + +please see our [Contributing Guide](https://torchgeo.readthedocs.io/en/stable/user/contributing.html). + +You can find a curated list of issues that we believe are easy for new contributors to tackle at https://github.com/microsoft/torchgeo/contribute. + +The Project abides by the Organization's [code of conduct](https://github.com/github/MVG/blob/main/org-docs/CODE-OF-CONDUCT.md) and [trademark policy](https://github.com/github/MVG/blob/main/org-docs/TRADEMARKS.md). --- Part of MVG-0.1-beta. 
diff --git a/.github/GOVERNANCE.md b/.github/GOVERNANCE.md index 8ab7f2008bd..175dfbde592 100644 --- a/.github/GOVERNANCE.md +++ b/.github/GOVERNANCE.md @@ -1,6 +1,6 @@ # Governance Policy -This document provides the governance policy for the Project. Maintainers agree to this policy and to abide by all Project polices, including the [code of conduct](../org-docs/CODE-OF-CONDUCT.md), [trademark policy](../org-docs/TRADEMARKS.md), and [antitrust policy](../org-docs/ANTITRUST.md) by adding their name to the [maintainers.md file](./MAINTAINERS.md). +This document provides the governance policy for the Project. Maintainers agree to this policy and to abide by all Project polices, including the [code of conduct](https://github.com/adamjstewart/torchgeo-governance/blob/main/CODE-OF-CONDUCT.md), [trademark policy](https://github.com/adamjstewart/torchgeo-governance/blob/main/TRADEMARKS.md), and [antitrust policy](https://github.com/adamjstewart/torchgeo-governance/blob/main/ANTITRUST.md) by adding their name to the [maintainers.md file](./MAINTAINERS.md). ## 1. Roles. diff --git a/.github/MAINTAINERS.md b/.github/MAINTAINERS.md index 588a3680cbf..922d5031bb5 100644 --- a/.github/MAINTAINERS.md +++ b/.github/MAINTAINERS.md 
@@ -1,6 +1,6 @@ # Maintainers -This document lists the Maintainers of the Project. Maintainers may be added once approved by the existing maintainers as described in the [Governance document](./GOVERNANCE.md). By adding your name to this list you are agreeing to abide by the Project governance documents and to abide by all of the Organization's polices, including the [code of conduct](../org-docs/CODE-OF-CONDUCT.md), [trademark policy](../org-docs/TRADEMARKS.md), and [antitrust policy](../org-docs/ANTITRUST.md). If you are participating because of your affiliation with another organization (designated below), you represent that you have the authority to bind that organization to these policies. +This document lists the Maintainers of the Project. Maintainers may be added once approved by the existing maintainers as described in the [Governance document](./GOVERNANCE.md). By adding your name to this list you are agreeing to abide by the Project governance documents and to abide by all of the Organization's polices, including the [code of conduct](https://github.com/adamjstewart/torchgeo-governance/blob/main/CODE-OF-CONDUCT.md), [trademark policy](https://github.com/adamjstewart/torchgeo-governance/blob/main/TRADEMARKS.md), and [antitrust policy](https://github.com/adamjstewart/torchgeo-governance/blob/main/ANTITRUST.md). If you are participating because of your affiliation with another organization (designated below), you represent that you have the authority to bind that organization to these policies. | **NAME** | **Organization** | | --- | --- | diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 9ea576f725f..fe7d34d1145 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md 
@@ -1,41 +1,20 @@ - +# Security Policy -## Security +## Supported Versions -Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). +We provide security updates for `main` and for the most recent minor (`X.Y`) release series of TorchGeo. Security updates will be made available as patch (`X.Y.1`, `X.Y.2`, etc.) releases. -If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383%28v=technet.10%29), please report it to us as described below. +For more on Spack's release structure, see our +[Wiki](https://github.com/microsoft/torchgeo/wiki/Releasing-Instructions). -## Reporting Security Issues +## Reporting a Vulnerability -**Please do not report security vulnerabilities through public GitHub issues.** +You can report a vulnerability using GitHub's private reporting feature: -Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report). +1. Go to [https://github.com/microsoft/torchgeo/security](https://github.com/microsoft/torchgeo/security). +2. Click "Report a vulnerability" in the upper right corner of that page. +3. Fill out the form and submit your draft security advisory. -If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). 
If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc). +More details are available in [GitHub's docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). -You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). - -Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - -- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) -- Full paths of source file(s) related to the manifestation of the issue -- The location of the affected source code (tag/branch/commit or direct URL) -- Any special configuration required to reproduce the issue -- Step-by-step instructions to reproduce the issue -- Proof-of-concept or exploit code (if possible) -- Impact of the issue, including how an attacker might exploit the issue - -This information will help us triage your report more quickly. - -If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs. - -## Preferred Languages - -We prefer all communications to be in English. - -## Policy - -Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). - - +You can expect to hear back about security issues within two days. If your security issue is accepted, we will do our best to release a fix within a week. 
If fixing the issue will take longer than this, we will discuss timeline options with you. diff --git a/.github/SUPPORT.md b/.github/SUPPORT.md index bac17f63bd2..a481e6fb3e7 100644 --- a/.github/SUPPORT.md +++ b/.github/SUPPORT.md @@ -7,7 +7,3 @@ issues before filing new issues to avoid duplicates. For new issues, file your b feature request as a new Issue. For help and questions about using this project, please open an Issue. - -## Microsoft Support Policy - -Support for TorchGeo is limited to the resources listed above. diff --git a/README.md b/README.md index b5fd835430b..74d5fe41c93 100644 --- a/README.md +++ b/README.md @@ -276,4 +276,4 @@ If you use this software in your work, please cite our [paper](https://dl.acm.or This project welcomes contributions and suggestions. If you would like to submit a pull request, see our [Contribution Guide](https://torchgeo.readthedocs.io/en/stable/user/contributing.html) for more information. -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. +This project has adopted the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/). For more information see the [Contributor Covenant Code of Conduct FAQ](https://www.contributor-covenant.org/faq/) or contact @adamjstewart on Slack with any additional questions or comments.
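Review bot: In .github/CODE_OF_CONDUCT.md the only contact left for conduct questions is "@adamjstewart on Slack", which names one person and no workspace, so someone outside that Slack, or someone whose concern involves that person, has no channel. Suggest adding a second contact or a shared address and stating which Slack workspace is meant; the same wording is repeated in the README.md hunk. The adoption sentence also links the site root (https://www.contributor-covenant.org/) while the Resources entry pins version/2/1; linking the pinned version in both places makes clear which text is adopted.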
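Review bot: In .github/CONTRIBUTING.md the closing sentence links the code of conduct and trademark policy to github.com/github/MVG/blob/main/org-docs/, while the GOVERNANCE.md and MAINTAINERS.md hunks in this same patch link those policies to github.com/adamjstewart/torchgeo-governance. Pick one location so contributors and maintainers are pointed at the same documents. The "curated list of issues" line also uses a bare URL where the rest of the file uses Markdown link syntax.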
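Review bot: In .github/GOVERNANCE.md and .github/MAINTAINERS.md the code of conduct, trademark and antitrust links now resolve to the `main` branch of a repository under a personal account (adamjstewart/torchgeo-governance), so the text maintainers agree to by adding their name can change without any change in this repository. Suggest hosting these documents under the project's organization, or linking a fixed tag or commit. The changed lines in both files also carry over the typo "polices" for "policies".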
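Review bot: In .github/SECURITY.md the new "Reporting a Vulnerability" section drops the removed line "Please do not report security vulnerabilities through public GitHub issues" without a replacement, while the SUPPORT.md context in this patch still tells users to file bugs as a new Issue. Suggest keeping an explicit sentence to that effect above the numbered steps, and naming a fallback contact for reporters who hear nothing within the stated two days (the removed text gave an e-mail follow-up path). Under "Supported Versions", "For more on Spack's release structure" looks like a leftover from another project's policy and should read TorchGeo's.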