From a9650ae3f04fc625593a0ee83a34c9f45c3186bd Mon Sep 17 00:00:00 2001 From: Chinmay Patel Date: Tue, 21 Feb 2023 20:56:18 +0000 Subject: [PATCH] Update README.md, CONTRIBUTING.md, SECURITY.md according to the guidelines in template. (auto-submit 98635 after successfully running remote remote.full) Job ID: job.9.20230221194432.7041 [git-p4: depot-paths = "//dev/coherence-ce/main/": change = 98639] --- CONTRIBUTING.md | 79 ++++++++++++++++----------- README.md | 12 +++- SECURITY.md | 47 +++++++++++++--- prj/etc/copyright-exclude-windows.txt | 1 + prj/etc/copyright-exclude.txt | 1 + 5 files changed, 95 insertions(+), 45 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 99acf0b3b70b4..7826d07f9b56f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,55 +1,68 @@ -# Contributing to Coherence -Oracle welcomes contributions to this repository from anyone. +----- +# Contributing to this repository -If you want to submit a pull request to fix a bug or enhance an existing -feature, please first open an issue and link to that issue when you -submit your pull request. +We welcome your contributions! There are multiple ways to contribute. -If you have any questions about a possible submission, feel free to open -an issue too. +## Opening issues -## Contributing to the Oracle Coherence Community Edition repository +For bugs or enhancement requests, please file a GitHub issue unless it's +security related. When filing a bug remember that the better written the bug is, +the more likely it is to be fixed. If you think you've found a security +vulnerability, do not raise a GitHub issue and follow the instructions in our +[security policy](./SECURITY.md). -Pull requests can be made under -[The Oracle Contributor Agreement](https://oca.opensource.oracle.com/) (OCA). +## Contributing code -For pull requests to be accepted, the bottom of your commit message must have -the following line using your name and e-mail address as it appears in the -OCA Signatories list. +We welcome your code contributions. Before submitting code via a pull request, +you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and +your commits need to include the following line using the name and e-mail +address you used to sign the OCA: -``` +```text Signed-off-by: Your Name ``` -This can be automatically added to pull requests by committing with: +This can be automatically added to pull requests by committing with `--sign-off` +or `-s`, e.g. -``` - git commit --signoff +```text +git commit --signoff ``` -Only pull requests from committers that can be verified as having -signed the OCA can be accepted. +Only pull requests from committers that can be verified as having signed the OCA +can be accepted. -### Pull request process +## Pull request process -1. Fork this repository +1. Ensure there is an issue created to track and discuss the fix or enhancement + you intend to submit. +1. Fork this repository. 1. Create a branch in your fork to implement the changes. We recommend using -the issue number as part of your branch name, e.g. `1234-fixes` -1. Ensure that all changes comply to project coding conventions as documented [here](DEV-GUIDELINES.md) + the issue number as part of your branch name, e.g. `1234-fixes`. +1. Ensure that any documentation is updated with the changes that are required + by your change. +1. Ensure that any samples are updated if the base image has been changed. +1. Ensure that all changes comply to project coding conventions as documented + [here](DEV-GUIDELINES.md) 1. Ensure that there is at least one test that would fail without the fix and -passes post fix -1. A full build including test execution is required for the PR + passes post fix. 1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly -what your changes are meant to do and provide simple steps on how to validate -your changes, ideally referencing the test. Ensure that you reference the issue -you created as well. We will assign the pull request to 2-3 people for review -before it is submitted internally and the PR is closed. + what your changes are meant to do and provide simple steps on how to validate + your changes. Ensure that you reference the issue you created as well. +1. We will assign the pull request to 2-3 people for review before it is submitted + internally and the PR is closed. + +## Code of conduct + +Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd +like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC]. + +[OCA]: https://oca.opensource.oracle.com +[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/ diff --git a/README.md b/README.md index de866bf69e9dd..d2f0ad3b1a0cb 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,8 @@ ----- @@ -421,6 +419,14 @@ Below is an overview of features supported in each Coherence edition for compari Please refer to Oracle Fusion Middleware Licensing Documentation for official documentation of Oracle Coherence commercial editions and licensing details. +## Examples + +Examples related to Coherence features are located under [examples](./prj/examples) directory of this repository. + ## Contribute Interested in contributing? See our contribution [guidelines](CONTRIBUTING.md) for details. + +## Security + +Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process diff --git a/SECURITY.md b/SECURITY.md index bf7fe05342ed4..141ed1c2f8834 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,17 +1,46 @@ -# Reporting Security Vulnerabilities + -Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email. +----- +# Reporting security vulnerabilities -We ask that you do not use other channels or contact project contributors directly. +Oracle values the independent security research community and believes that +responsible disclosure of security vulnerabilities helps us ensure the security +and privacy of all our users. -Non-vulnerability related security issues such as great new ideas for security features are welcome on GitHub Issues. +Please do NOT raise a GitHub Issue to report a security vulnerability. If you +believe you have found a security vulnerability, please submit a report to +[secalert_us@oracle.com][1] preferably with a proof of concept. Please review +some additional information on [how to report security vulnerabilities to Oracle][2]. +We encourage people who contact Oracle Security to use email encryption using +[our encryption key][3]. -## Security Updates, Alerts and Bulletins +We ask that you do not use other channels or contact the project maintainers +directly. -Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page. +Non-vulnerability related security issues including ideas for new or improved +security features are welcome on GitHub Issues. -## Security-Related Information +## Security updates, alerts and bulletins -We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use. +Security updates will be released on a regular cadence. Many of our projects +will typically release security fixes in conjunction with the +[Oracle Critical Patch Update][3] program. Additional +information, including past advisories, is available on our [security alerts][4] +page. + +## Security-related information + +We will provide security related information such as a threat model, considerations +for secure use, or any known security issues in our documentation. Please note +that labs and sample code are intended to demonstrate a concept and may not be +sufficiently hardened for production use. + +[1]: mailto:secalert_us@oracle.com +[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html +[3]: https://www.oracle.com/security-alerts/encryptionkey.html +[4]: https://www.oracle.com/security-alerts/ diff --git a/prj/etc/copyright-exclude-windows.txt b/prj/etc/copyright-exclude-windows.txt index bd43bc2bcb9c2..f47a770396125 100644 --- a/prj/etc/copyright-exclude-windows.txt +++ b/prj/etc/copyright-exclude-windows.txt @@ -69,3 +69,4 @@ cache-config-UTF8-BOM.xml .zip .class .cdb +.md diff --git a/prj/etc/copyright-exclude.txt b/prj/etc/copyright-exclude.txt index 9836dc78fa248..1cbeda0e45d04 100644 --- a/prj/etc/copyright-exclude.txt +++ b/prj/etc/copyright-exclude.txt @@ -69,3 +69,4 @@ cache-config-UTF8-BOM.xml .zip .class .cdb +.md