From 362689ab6d18e49ba57b32bb0d834791c4905acf Mon Sep 17 00:00:00 2001 From: Joe Di Pol Date: Fri, 12 Jan 2024 15:35:29 -0800 Subject: [PATCH] Update repository readme files to match Oracle templates --- CONTRIBUTING.md | 25 +++++++++++++++++++++---- NOTICE.txt | 2 +- README.md | 28 ++++++++++++++++++++-------- SECURITY.md | 39 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 13 deletions(-) create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 056243b8..73a24f49 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,13 +9,30 @@ Join us at [#helidon-users](http://slack.helidon.io) and participate in discussi ## Opening Issues -If you hit a bug or have an enhancement request then file a [GitHub issue](https://github.com/helidon-io/helidon-examples/issues). When filing an issue remember that the better written the issue is, the more likely it is -to be fixed. +For bugs or enhancement requests, please file a [GitHub issue](https://github.com/helidon-io/helidon/issues) unless it's +security related. When filing a bug remember that the better written the bug is, +the more likely it is to be fixed. If you think you've found a security +vulnerability, do not raise a GitHub issue and follow the instructions in our +[security policy](./SECURITY.md). -## Contributing Code +## Contributing code We welcome your code contributions. Before submitting code via a pull request, - you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA). +you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and +your commits need to include the following line using the name and e-mail +address you used to sign the OCA: + +```text +Signed-off-by: Your Name +``` + +This can be automatically added to pull requests by committing with `--sign-off` +or `-s`, e.g. + +```text +git commit --signoff +``` + Only pull requests from committers that can be verified as having signed the OCA can be accepted. 
diff --git a/NOTICE.txt b/NOTICE.txt index fc3d01db..61b9155f 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -2,7 +2,7 @@ Project Helidon =============== -Copyright (c) 2017, 2023 Oracle and/or its affiliates. +Copyright (c) 2017, 2024 Oracle and/or its affiliates. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 9ee1b7b0..ebc85642 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,9 @@ Examples for Helidon 3. -[Helidon 2 Examples](https://github.com/helidon-io/helidon/tree/helidon-2.x/examples) are in the primary Helidon repository. +[Helidon 4 Examples](https://github.com/helidon-io/helidon/tree/main/examples) and [Helidon 2 Examples](https://github.com/helidon-io/helidon/tree/helidon-2.x/examples) are in the primary Helidon repository. -# To Run the Examples +## How to Run To build and run Helidon 3 examples you need: @@ -21,7 +21,7 @@ git checkout helidon-3.x mvn clean install ``` -# Branches +### How Repository is Organized | Branch | Description | | ------------- |-------------| 
@@ -41,21 +41,33 @@ git checkout helidon-3.x To checkout examples for a specific release of Helidon: ``` -git checkout tags/3.6.0 +git checkout tags/3.2.5 ``` +## Documentation + +Each example has a README that contains additional details for building and running the example. + +## Help + +* See the [Helidon FAQ](https://github.com/oracle/helidon/wiki/FAQ) +* Ask questions on Stack Overflow using the [helidon tag](https://stackoverflow.com/tags/helidon) +* Join us on Slack: [#helidon-users](http://slack.helidon.io) + ## Contributing -This project welcomes contributions from the community. Before submitting a pull -request, please [review our contribution guide](./CONTRIBUTING.md). +This project welcomes contributions from the community. Before submitting a pull request, please [review our contribution guide](./CONTRIBUTING.md) + +## Security + +Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process ## License -Copyright (c) 2017, 2023 Oracle and/or its affiliates. +Copyright (c) 2017, 2024 Oracle and/or its affiliates. Released under [Apache License 2.0](./LICENSE.txt). ## Third Party Attributions Developers choosing to distribute a binary implementation of this project are responsible for obtaining and providing all required licenses and copyright notices for the third-party code used in order to ensure compliance with their respective open source licenses. - diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..bc08bf51 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,39 @@ +# Reporting security vulnerabilities + +Oracle values the independent security research community and believes that +responsible disclosure of security vulnerabilities helps us ensure the security +and privacy of all our users. + +Please do NOT raise a GitHub Issue to report a security vulnerability. If you +believe you have found a security vulnerability, please submit a report to +[secalert_us@oracle.com][1] preferably with a proof of concept. Please review +some additional information on [how to report security vulnerabilities to Oracle][2]. +We encourage people who contact Oracle Security to use email encryption using +[our encryption key][3]. + +We ask that you do not use other channels or contact the project maintainers +directly. + +Non-vulnerability related security issues including ideas for new or improved +security features are welcome on GitHub Issues. + +## Security updates, alerts and bulletins + +Security updates will be released on a regular cadence. Many of our projects +will typically release security fixes in conjunction with the +Oracle Critical Patch Update program. Additional +information, including past advisories, is available on our [security alerts][4] +page. + +## Security-related information + +We will provide security related information such as a threat model, considerations +for secure use, or any known security issues in our documentation. Please note +that labs and sample code are intended to demonstrate a concept and may not be +sufficiently hardened for production use. + +[1]: mailto:secalert_us@oracle.com +[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html +[3]: https://www.oracle.com/security-alerts/encryptionkey.html +[4]: https://www.oracle.com/security-alerts/ +
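Review bot: In the CONTRIBUTING.md hunk, the sentence introducing the sign-off spells the option `--sign-off`, while the example directly below it uses `git commit --signoff`. Git accepts `--signoff` (short form `-s`), so the prose should use that spelling too. The `Signed-off-by: Your Name` example shows no e-mail address even though the paragraph above asks for the name and e-mail address used to sign the OCA; add a placeholder address to the trailer. The issue link also changes from `helidon-io/helidon-examples/issues` to `helidon-io/helidon/issues`; please confirm that routing this repository's bug reports to the main tracker is intended. Lastly, "do not raise a GitHub issue and follow the instructions" would read more clearly as "do not raise a GitHub issue; instead, follow the instructions".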
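Review bot: In the README.md heading hunks, `### How Repository is Organized` is now a level-3 heading under `## How to Run`, so the branch table and the checkout-by-tag instructions that follow become a subsection of the run steps. If the branch layout is meant to be its own section, as it was under `# Branches`, make it a `##` heading to match `## Documentation` and `## Help`.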
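Review bot: In the last README.md hunk, the release example goes from `git checkout tags/3.6.0` to `git checkout tags/3.2.5`, an older tag, in a commit whose subject is only about matching templates. This looks like text carried over from an older README, so keep `3.6.0` unless the downgrade is deliberate. In the same hunk, the new Contributing and Security sentences both lose their closing period, and the FAQ link points at `github.com/oracle/helidon` while every other link in the patch uses the `helidon-io` organization; use the `helidon-io` URL for consistency.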
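Review bot: The new SECURITY.md is referred to as the "security policy" in CONTRIBUTING.md and as the "security guide" in README.md; pick one name and use it in both links. Within the file, the closing note that labs and sample code "may not be sufficiently hardened for production use" is the statement that matters most for a repository of examples, yet it sits in the final paragraph and README's Security section mentions only the disclosure process. Consider repeating that caveat in the README Security section so readers who copy an example see it.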