docs: switch to sec advisories; add LEGAL.md

nomicode · nomicode · commit 135e25775af7 · 2024-11-13T22:41:40.000+01:00
This commit improves user guidance for reporting
security issues and begins the documentation of
licensing compliance.

In particular:
- Redirect users to the new security advisories
  form instead of requesting a blank issue for
  security contact
- Introduce a work-in-progress `LEGAL.md` file to
  outline the project's commitment to licensing
  compliance (not publicly visible yet)
- Clean up previous work on issue templates,
  configuration, and other community health files
  for better clarity
- Add admonitions to several files to indicate
  that they are works in progress.
diff --git a/.cspell/custom-dictionary.txt b/.cspell/custom-dictionary.txt
@@ -1,2 +1,3 @@
 # Custom Dictionary Words
 commitlint
+DFSG
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
@@ -1,5 +1,8 @@
 # Code of Conduct
 
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue](../issues/new) if you would like to suggest improvements.
+
 ## Our Pledge
 
 We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -2,6 +2,9 @@
 
 Thank you for considering contributing to our project! Here are some guidelines to help you get started:
 
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue](../issues/new) if you would like to suggest improvements.
+
 ## How to Contribute
 
 1. Fork the repository.
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1 +1,64 @@
-blank_issues_enabled: true
+name: Bug Report
+description: File a bug report.
+title: "[Bug]: "
+labels: ["bug", "triage"]
+projects: ["octo-org/1", "octo-org/44"]
+assignees:
+  - octocat
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+  - type: dropdown
+    id: version
+    attributes:
+      label: Version
+      description: What version of our software are you running?
+      options:
+        - 1.0.2 (Default)
+        - 1.0.3 (Edge)
+      default: 0
+    validations:
+      required: true
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: What browsers are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://example.com).
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
diff --git a/.github/LEGAL.md b/.github/LEGAL.md
@@ -0,0 +1,31 @@
+# Legal
+
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue][blank-issue] if you would like to suggest improvements.
+
+## General information
+
+### Free Software
+
+We are committed to ensuring project compliance with the [Debian Free Software Guidelines][dfsg] (DFSG) and [GNU Free Software Definition][gnu-free].
+
+Compliance extends to:
+
+- Anything release artefact we distribute or publish, e.g.:
+  - E.g., Precompiled binaries, software packages, container images, etc.
+- Any third-party works we incorporate into any release artefact
+
+All third-party work is audited prior to inclusion, and all additional copyright and licensing information will be appended to the `NOTICE` file, along with any third-party mandatory notices.
+
+### Reporting problems
+
+If you spot a a licensing compliance oversight, please create a [bug report][bug-report]. Typically, these issues benefit from being discussed in the open.
+
+For any other legal matters, please open a [blank issue][blank-issue] and use it to make a _legal contact request_. Be sure to include your contact details so that we can follow up with you privately.
+
+We take all legal issues seriously and will endeavour to address them promptly.
+
+[blank-issue]: ../../../issues/new
+[bug-report]: ../../../issues/new?template=bug_report.md
+[dfsg]: https://wiki.debian.org/DebianFreeSoftwareGuidelines
+[gnu-free]: https://www.gnu.org/philosophy/free-sw.en.html
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -1,12 +1,15 @@
 # Security Policy
 
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue][blank issue] if you would like to suggest improvements.
+
 ## Reporting a Vulnerability
 
-If you discover a security vulnerability, please report it to us by opening a [blank issue](../issues/new).
+If you discover a security vulnerability, please report it to us by opening a [draft security advisory][advisory].
 
-If you prefer to make a confidential disclosure, please use the blank issue to make a security contact request. Be sure to include your contact details so that we can follow up with you privately.
+If you prefer to make a confidential disclosure, please open a [blank issue][blank issue] and use it to make _security contact request_. Be sure to include your contact details so that we can follow up with you privately.
 
-We take all security vulnerabilities seriously and will address them promptly.
+We take all security vulnerabilities seriously and will endeavour to address them promptly.
 
 ## Supported Versions
 
@@ -15,3 +18,6 @@ If a security vulnerability is reported or discovered, we will endeavor to publi
 ## Security Updates
 
 We will notify users of security updates through our standard project communication channels.
+
+[advisory]: ../../security/advisories/new
+[blank issue]: ../../issues/new
diff --git a/.github/SUPPORT.md b/.github/SUPPORT.md
@@ -2,6 +2,9 @@
 
 Thank you for using our project. Here are some ways you can get support.
 
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue](../issues/new) if you would like to suggest improvements.
+
 ## Documentation
 
 Please refer to our documentation for detailed information on how to use the project.
diff --git a/DEVELOP.md b/DEVELOP.md
@@ -2,6 +2,9 @@
 
 This guide provides instructions for setting up your development environment to contribute to the project.
 
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue](../issues/new) if you would like to suggest improvements.
+
 ## System Prerequisites
 
 Before you begin, ensure you have the following tools installed on your system:
diff --git a/README.md b/README.md
@@ -2,6 +2,9 @@
 
 This repository contains default [community health files](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file) and other resources to help guide contributions and support.
 
+> [!IMPORTANT]
+> This document is a work in progress. Please open a [blank issue](../issues/new) if you would like to suggest improvements.
+
 ## Getting Started
 
 To get started with this project, please refer to the following files:

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`# Custom Dictionary Words`
`2`	`2`	`commitlint`
	`3`	`+DFSG`