
Add legalese #403

Draft
wants to merge 1 commit into main

Conversation

maennchen
Member

@maennchen maennchen commented Nov 13, 2024

I just saw that the project did not include the full license (besides the hint in the README).

I thought this would be a good time to add some legalese to the project:

  • LICENSE - Apache 2.0
  • CODE_OF_CONDUCT - Reference to the Elixir Code of Conduct
  • SECURITY - Copied & adapted from EEF
  • CONTRIBUTING - Copied & adapted from EEF

TODO

  • Enable private vulnerability reporting in project
  • Set correct email for disclosures in SECURITY - which one?
  • Apply the same documents to expo (Add credo & dialyzer to CONTRIBUTING)

@maennchen maennchen self-assigned this Nov 13, 2024
@coveralls

coveralls commented Nov 13, 2024

Pull Request Test Coverage Report for Build 679a004b8b901f8e86b8461b321aa5dfba82ba17-PR-403

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 91.884%

Totals Coverage Status
Change from base Build 3a6e81ce64ae580af300c2abf825fef310314b2c: 0.0%
Covered Lines: 634
Relevant Lines: 690

💛 - Coveralls

@whatyouhide
Contributor

Thanks!

@maennchen
Member Author

I can adapt the elixir code of conduct for sure. Do you want to copy it and just adapt the scope & email address or would you just like to refer to it?

While I agree that we will probably not have security issues with this project, I would still like to include a security policy. The reason for this is mainly that there are tools out there like the OpenSSF Scorecard project, which is used by corporates to check their dependencies. Having a security policy defined is a good sign for compliance departments and will also result in higher scores in those tools. If this was a small and barely used library, I probably wouldn’t bother. But with the popularity, I think it’s worth setting it up.

@maennchen
Member Author

Btw: Phoenix also uses the Contributor Covenant, just an older version. While the EEF uses it as well, that’s not the reason I chose it. I believe it’s one of the most prevalent codes of conduct. Elixir is also based on it.

@whatyouhide
Contributor

I can adapt the elixir code of conduct for sure. Do you want to copy it and just adapt the scope & email address or would you just like to refer to it?

Referring is great for now, we don't need a specific one here. There is no active "community" around Gettext.

Ok, let's go with the security doc too.

@maennchen
Member Author

@whatyouhide I changed the reference to the elixir code of conduct.

For the security report email I would offer to receive the emails myself.

(In case I would get something that actually matters I would then just create an entry with GitHub Vulnerability Reporting and coordinate with all maintainers from there.)
