From 5c6cf77996266987480ac7b7331f8a6b28b21cce Mon Sep 17 00:00:00 2001 From: Matt Scott Date: Fri, 17 Mar 2023 16:42:05 -0400 Subject: [PATCH] Updated project README to include references to the new security policy. Moved the project's code of conduct out of the contributions guide and into the appropriate policy file. Updated the contribution guide to follow the NetBox project format. Added various issue templates based on the NetBox project formats but updated for PDA. Added additional GitHub workflows to handle stale and closed issue and PR management. Removed legacy stale issue workflow that was not in use. --- .github/ISSUE_TEMPLATE/bug_report.yaml | 78 ++++++++++ .github/ISSUE_TEMPLATE/config.yml | 12 ++ .../ISSUE_TEMPLATE/documentation_change.yaml | 40 +++++ .github/ISSUE_TEMPLATE/feature_request.yaml | 71 +++++++++ .github/ISSUE_TEMPLATE/housekeeping.yaml | 24 +++ .github/PULL_REQUEST_TEMPLATE.md | 14 ++ .github/stale.yml | 20 --- .github/workflows/lock.yml | 21 +++ .github/workflows/stale.yml | 45 ++++++ README.md | 8 +- docs/CODE_OF_CONDUCT.md | 74 +++++++++ docs/CONTRIBUTING.md | 145 ++++++++++-------- docs/SECURITY.md | 31 ++++ 13 files changed, 496 insertions(+), 87 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yaml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/documentation_change.yaml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yaml create mode 100644 .github/ISSUE_TEMPLATE/housekeeping.yaml create mode 100644 .github/PULL_REQUEST_TEMPLATE.md delete mode 100644 .github/stale.yml create mode 100644 .github/workflows/lock.yml create mode 100644 .github/workflows/stale.yml create mode 100644 docs/CODE_OF_CONDUCT.md create mode 100644 docs/SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml new file mode 100644 index 0000000..5bacd4e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml 
@@ -0,0 +1,78 @@ +--- +name: 🐛 Bug Report +description: Report a reproducible bug in the current release of PDA +labels: ["type: bug"] +body: + - type: markdown + attributes: + value: > + **NOTE:** This form is only for reporting _reproducible bugs_ in a current PDA + installation. If you're having trouble with installation or just looking for + assistance with using PDA, please visit our + [discussion forum](https://github.com/PowerDNS-Admin/PowerDNS-Admin/discussions) instead. + - type: input + attributes: + label: PDA version + description: What version of PDA are you currently running? + options: + - "0.4.0" + - "0.3.0" + - "0.2.5" + - "0.2.4" + - "0.2.3" + - "0.2.2" + - "0.2.1" + - "0.2" + - "0.1" + - "I'm Not Sure" + validations: + required: true + - type: dropdown + attributes: + label: Python version + description: What version of Python are you currently running? + options: + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + - "3.5" + - "3.6" + - "3.7" + - "3.8" + - "3.9" + - "3.10" + - "3.11" + validations: + required: true + - type: textarea + attributes: + label: Steps to Reproduce + description: > + Describe in detail the exact steps that someone else can take to + reproduce this bug using the current stable release of PDA. Begin with the + creation of any necessary database objects and call out every operation being + performed explicitly. If reporting a bug in the REST API, be sure to reconstruct + the raw HTTP request(s) being made. Additionally, **do not rely on the demo instance** for reproducing + suspected bugs, as its data is prone to modification or deletion at any time. + placeholder: | + 1. Click on "create widget" + 2. Set foo to 12 and bar to G + 3. Click the "create" button + validations: + required: true + - type: textarea + attributes: + label: Expected Behavior + description: What did you expect to happen? 
+ placeholder: A new zone record should have been created with the specified values + validations: + required: true + - type: textarea + attributes: + label: Observed Behavior + description: What happened instead? + placeholder: A TypeError exception was raised + validations: + required: true \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..98109af --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,12 @@ +# Reference: https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser +blank_issues_enabled: false +contact_links: + - name: 📖 Contributing Policy + url: https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/docs/CONTRIBUTING.md + about: "Please read through our contributing policy before opening an issue or pull request" + - name: ❓ Discussion + url: https://github.com/PowerDNS-Admin/PowerDNS-Admin/discussions + about: "If you're just looking for help, try starting a discussion instead" + - name: 💬 Project Chat + url: https://mattermost.powerdnsadmin.org/ + about: "Join our Mattermost chat to discuss the project with other users and developers" \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/documentation_change.yaml b/.github/ISSUE_TEMPLATE/documentation_change.yaml new file mode 100644 index 0000000..584d4b4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation_change.yaml 
@@ -0,0 +1,40 @@ +--- +name: 📖 Documentation Change +description: Suggest an addition or modification to the PDA documentation +labels: ["type: documentation"] +body: + - type: dropdown + attributes: + label: Change Type + description: What type of change are you proposing? + options: + - Addition + - Correction + - Removal + - Cleanup (formatting, typos, etc.) + validations: + required: true + - type: dropdown + attributes: + label: Area + description: To what section of the documentation does this change primarily pertain? + options: + - Features + - Installation/upgrade + - Getting started + - Configuration + - Customization + - Database Setup + - Debug + - Integrations/API + - Administration + - Development + - Other + validations: + required: true + - type: textarea + attributes: + label: Proposed Changes + description: Describe the proposed changes and why they are necessary. + validations: + required: true \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml new file mode 100644 index 0000000..b2e1934 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yaml 
@@ -0,0 +1,71 @@ +--- +name: ✨ Feature Request +description: Propose a new PDA feature or enhancement +labels: ["type: feature"] +body: + - type: markdown + attributes: + value: > + **NOTE:** This form is only for submitting well-formed proposals to extend or modify + PDA in some way. If you're trying to solve a problem but can't figure out how, or if + you still need time to work on the details of a proposed new feature, please start a + [discussion](https://github.com/PowerDNS-Admin/PowerDNS-Admin/discussions) instead. + - type: input + attributes: + label: PDA version + description: What version of PDA are you currently running? + options: + - "0.4.0" + - "0.3.0" + - "0.2.5" + - "0.2.4" + - "0.2.3" + - "0.2.2" + - "0.2.1" + - "0.2" + - "0.1" + - "I'm Not Sure" + validations: + required: true + - type: dropdown + attributes: + label: Feature type + options: + - Data model modification + - App Setting Addition + - Default App Setting Change + - New functionality + - Change to existing functionality + validations: + required: true + - type: textarea + attributes: + label: Proposed functionality + description: > + Describe in detail the new feature or behavior you are proposing. Include any specific changes + to work flows, data models, and/or the user interface. The more detail you provide here, the + greater chance your proposal has of being discussed. Feature requests which don't include an + actionable implementation plan will be rejected. + validations: + required: true + - type: textarea + attributes: + label: Use case + description: > + Explain how adding this functionality would benefit PDA users. What need does it address? + validations: + required: true + - type: textarea + attributes: + label: Database changes + description: > + Note any changes to the database schema necessary to support the new feature. For example, + does the proposal require adding a new model or field? (Not all new features require database + changes.) 
+ - type: textarea + attributes: + label: External dependencies + description: > + List any new dependencies on external libraries or services that this new feature would + introduce. For example, does the proposal require the installation of a new Python package? + (Not all new features introduce new dependencies.) \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/housekeeping.yaml b/.github/ISSUE_TEMPLATE/housekeeping.yaml new file mode 100644 index 0000000..dba7e3c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/housekeeping.yaml @@ -0,0 +1,24 @@ +--- +name: 🏡 Housekeeping +description: A change pertaining to the codebase itself (developers only) +labels: ["type: housekeeping"] +body: + - type: markdown + attributes: + value: > + **NOTE:** This template is for use by maintainers only. Please do not submit + an issue using this template unless you have been specifically asked to do so. + - type: textarea + attributes: + label: Proposed Changes + description: > + Describe in detail the new feature or behavior you'd like to propose. + Include any specific changes to work flows, data models, or the user interface. + validations: + required: true + - type: textarea + attributes: + label: Justification + description: Please provide justification for the proposed change(s). + validations: + required: true \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..05a6611 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,14 @@ + +### Fixes: #1234 + + \ No newline at end of file diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index 0c0b1c3..0000000 --- a/.github/stale.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -# Number of days of inactivity before an issue becomes stale -daysUntilStale: 60 -# Number of days of inactivity before a stale issue is closed -daysUntilClose: 7 -# Issues with these labels will never be considered stale -exemptLabels: - - pinned - - bug / broken-feature - - bug / security-vulnerability - - feature / request - - mod / help-wanted -# Label to use when marking an issue as stale -staleLabel: mod / stale -# Comment to post when marking an issue as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has not had - recent activity. It will be closed if no further activity occurs. Thank you - for your contributions. -# Comment to post when closing a stale issue. Set to `false` to disable -closeComment: true diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml new file mode 100644 index 0000000..9385024 --- /dev/null +++ b/.github/workflows/lock.yml @@ -0,0 +1,21 @@ +# lock-threads (https://github.com/marketplace/actions/lock-threads) +name: 'Lock threads' + +on: + schedule: + - cron: '0 3 * * *' + workflow_dispatch: + +permissions: + issues: write + pull-requests: write + +jobs: + lock: + runs-on: ubuntu-latest + steps: + - uses: dessant/lock-threads@v3 + with: + issue-inactive-days: 90 + pr-inactive-days: 30 + issue-lock-reason: 'resolved' \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..66fd367 --- /dev/null +++ b/.github/workflows/stale.yml 
@@ -0,0 +1,45 @@ +# close-stale-issues (https://github.com/marketplace/actions/close-stale-issues) +name: 'Close stale issues/PRs' + +on: + schedule: + - cron: '0 4 * * *' + workflow_dispatch: + +permissions: + issues: write + pull-requests: write + +jobs: + stale: + + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v6 + with: + close-issue-message: > + This issue has been automatically closed due to lack of activity. In an + effort to reduce noise, please do not comment any further. Note that the + core maintainers may elect to reopen this issue at a later date if deemed + necessary. + close-pr-message: > + This PR has been automatically closed due to lack of activity. + days-before-stale: 90 + days-before-close: 30 + exempt-issue-labels: 'status: accepted,status: blocked,status: needs milestone' + operations-per-run: 100 + remove-stale-when-updated: false + stale-issue-label: 'mod / stale' + stale-issue-message: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. PDA + is governed by a small group of core maintainers which means not all opened + issues may receive direct feedback. **Do not** attempt to circumvent this + process by "bumping" the issue; doing so will result in its immediate closure + and you may be barred from participating in any future discussions. Please see + our [contributing guide](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/docs/CONTRIBUTING.md). + stale-pr-label: 'mod / stale' + stale-pr-message: > + This PR has been automatically marked as stale because it has not had + recent activity. It will be closed automatically if no further action is + taken. \ No newline at end of file diff --git a/README.md b/README.md index 5d07f93..1cc644c 100644 --- a/README.md +++ b/README.md 
@@ -74,9 +74,13 @@ You can then access PowerDNS-Admin by pointing your browser to http://localhost: ## Contributing -Please see our [contributing guidelines](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/dev/docs/CONTRIBUTING.md). +Please see our [Contribution Guide](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/dev/docs/CONTRIBUTING.md). + +## Code of Conduct + +Please see our [Code of Conduct Policy](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/dev/docs/CODE_OF_CONDUCT.md). ## License This project is released under the MIT license. For additional -information, [see here](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/master/LICENSE) +information, [see the full license](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/master/LICENSE). diff --git a/docs/CODE_OF_CONDUCT.md b/docs/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..54b10d7 --- /dev/null +++ b/docs/CODE_OF_CONDUCT.md 
@@ -0,0 +1,74 @@ +# Code of Conduct + +# Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +nationality, personal appearance, race, religion, or sexual identity and +orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or +advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at [admin@powerdnsadmin.org](mailto:admin@powerdnsadmin.org). All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index df50ba2..8c82a80 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md 
@@ -1,88 +1,103 @@ -# Contributing +# Contribution Guide -Before submitting new contributions to this repository, it is a good idea to start a discussion with the repository -maintainers on GitHub through the use of issues or discussions. This will help to ensure that your efforts don't get -wasted if the submission is not desirable for the project. +**Looking for help?** PDA has a somewhat active community of fellow users that may be able to provide assistance. Just [start a discussion](https://github.com/PowerDNS-Admin/PowerDNS-Admin/discussions/new) right here on GitHub! -This is not to say that all contributions that have been discussed will be accepted either. As part of an ongoing -effort to clean up the codebase, some contributions may be rejected if they do not meet the standards of the project -which have not been fully defined yet. This is a work in progress. +
+

+ :bug: Report a bug · + :bulb: Suggest a feature · + :arrow_heading_up: Submit a pull request +

+

+ :rescue_worker_helmet: Become a maintainer · + :heart: Other ideas +

+
+

-Please note we have a code of conduct, please follow it in all your interactions with the project. +Some general tips for engaging here on GitHub: -All pull requests should be based on the `dev` branch of this repository and not the `master` branch! +* Register for a free [GitHub account](https://github.com/signup) if you haven't already. +* You can use [GitHub Markdown](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) for formatting text and adding images. +* To help mitigate notification spam, please avoid "bumping" issues with no activity. (To vote an issue up or down, use a :thumbsup: or :thumbsdown: reaction.) +* Please avoid pinging members with `@` unless they've previously expressed interest or involvement with that particular issue. -## Code of Conduct +## :bug: Reporting Bugs -### Our Pledge +* First, ensure that you're running the [latest stable version](https://github.com/PowerDNS-Admin/PowerDNS-Admin/releases) of PDA. If you're running an older version, there's a chance that the bug has already been fixed. -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, gender identity and expression, level of experience, -nationality, personal appearance, race, religion, or sexual identity and -orientation. +* Next, search our [issues list](https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues?q=is%3Aissue) to see if the bug you've found has already been reported. If you come across a bug report that seems to match, please click "add a reaction" in the top right corner of the issue and add a thumbs up (:thumbsup:). This will help draw more attention to it. Any comments you can add to provide additional information or context would also be much appreciated. 
-### Our Standards +* If you can't find any existing issues (open or closed) that seem to match yours, you're welcome to [submit a new bug report](https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues/new?label=type%3A+bug&template=bug_report.yaml). Be sure to complete the entire report template, including detailed steps that someone triaging your issue can follow to confirm the reported behavior. (If we're not able to replicate the bug based on the information provided, we'll ask for additional detail.) -Examples of behavior that contributes to creating a positive environment -include: +* Some other tips to keep in mind: + * Error messages and screenshots are especially helpful. + * Don't prepend your issue title with a label like `[Bug]`; the proper label will be assigned automatically. + * Verify that you have GitHub notifications enabled and are subscribed to your issue after submitting. + * We appreciate your patience as bugs are prioritized by their severity, impact, and difficulty to resolve. -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members +## :bulb: Feature Requests -Examples of unacceptable behavior by participants include: +* First, check the GitHub [issues list](https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues?q=is%3Aissue) to see if the feature you have in mind has already been proposed. If you happen to find an open feature request that matches your idea, click "add a reaction" in the top right corner of the issue and add a thumbs up (:thumbsup:). This ensures that the issue has a better chance of receiving attention. Also feel free to add a comment with any additional justification for the feature. 
-* The use of sexualized language or imagery and unwelcome sexual attention or -advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting +* If you have a rough idea that's not quite ready for formal submission yet, start a [GitHub discussion](https://github.com/PowerDNS-Admin/PowerDNS-Admin/discussions) instead. This is a great way to test the viability and narrow down the scope of a new feature prior to submitting a formal proposal, and can serve to generate interest in your idea from other community members. -### Our Responsibilities +* Once you're ready, submit a feature request [using this template](https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues/new?label=type%3A+feature&template=feature_request.yaml). Be sure to provide sufficient context and detail to convey exactly what you're proposing and why. The stronger your use case, the better chance your proposal has of being accepted. -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +* Some other tips to keep in mind: + * Don't prepend your issue title with a label like `[Feature]`; the proper label will be assigned automatically. + * Try to anticipate any likely questions about your proposal and provide that information proactively. + * Verify that you have GitHub notifications enabled and are subscribed to your issue after submitting. + * You're welcome to volunteer to implement your FR, but don't submit a pull request until it has been approved. 
-Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +## :arrow_heading_up: Submitting Pull Requests -### Scope +* [Pull requests](https://docs.github.com/en/pull-requests) (a feature of GitHub) are used to propose changes to NetBox's code base. Our process generally goes like this: + * A user opens a new issue (bug report or feature request) + * A maintainer triages the issue and may mark it as needing an owner + * The issue's author can volunteer to own it, or someone else can + * A maintainer assigns the issue to whomever volunteers + * The issue owner submits a pull request that will resolve the issue + * A maintainer reviews and merges the pull request, closing the issue -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +* It's very important that you not submit a pull request until a relevant issue has been opened **and** assigned to you. Otherwise, you risk wasting time on work that may ultimately not be needed. -### Enforcement +* New pull requests should generally be based off of the `dev` branch, rather than `master`. The `dev` branch is used for ongoing development, while `master` is used for tracking stable releases. 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at [admin@powerdnsadmin.org](mailto:admin@powerdnsadmin.org). All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +* In most cases, it is not necessary to add a changelog entry: A maintainer will take care of this when the PR is merged. (This helps avoid merge conflicts resulting from multiple PRs being submitted simultaneously.) -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +* All code submissions should meet the following criteria (CI will eventually enforce these checks): + * Python syntax is valid + * PEP 8 compliance is enforced, with the exception that lines may be + greater than 80 characters in length -### Attribution +* Some other tips to keep in mind: + * If you'd like to volunteer for someone else's issue, please post a comment on that issue letting us know. (This will allow the maintainers to assign it to you.) + * All new functionality must include relevant tests where applicable. -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at [http://contributor-covenant.org/version/1/4][version] +## :rescue_worker_helmet: Become a Maintainer -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ +We're always looking for motivated individuals to join the maintainers team and help drive PDA's long-term development. 
Some of our most sought-after skills include: + +* Python development with a strong focus on the [Flask](https://flask.palletsprojects.com/) and [Django](https://www.djangoproject.com/) frameworks +* Expertise working with SQLite, MySQL, and/or PostgreSQL databases +* Javascript & TypeScript proficiency +* A knack for web application design (HTML & CSS) +* Familiarity with git and software development best practices +* Excellent attention to detail +* Working experience in the field of network operations as it relates to the use of DNS (Domain Name System) servers. + +We generally ask that maintainers dedicate around four hours of work to the project each week on average, which includes both hands-on development and project management tasks such as issue triage. + +We do maintain an active Mattermost instance for internal communication, but we also use GitHub issues for project management. + +Some maintainers petition their employer to grant some of their paid time to work on PDA. + +Interested? You can contact our lead maintainer, Matt Scott, at admin@powerdnsadmin.org. We'd love to have you on the team! + +## :heart: Other Ways to Contribute + +You don't have to be a developer to contribute to PDA: There are plenty of other ways you can add value to the community! Below are just a few examples: + +* Help answer questions and provide feedback in our [GitHub discussions](https://github.com/PowerDNS-Admin/PowerDNS-Admin/discussions). +* Write a blog article or record a YouTube video demonstrating how PDA is used at your organization. diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000..bd91d36 --- /dev/null +++ b/docs/SECURITY.md 
@@ -0,0 +1,31 @@ +# Security Policy + +## No Warranty + +Per the terms of the MIT license, PDA is offered "as is" and without any guarantee or warranty pertaining to its operation. While every reasonable effort is made by its maintainers to ensure the product remains free of security vulnerabilities, users are ultimately responsible for conducting their own evaluations of each software release. + +## Recommendations + +Administrators are encouraged to adhere to industry best practices concerning the secure operation of software, such as: + +* Do not expose your PDA installation to the public Internet +* Do not permit multiple users to share an account +* Enforce minimum password complexity requirements for local accounts +* Prohibit access to your database from clients other than the PDA application +* Keep your deployment updated to the most recent stable release + +## Reporting a Suspected Vulnerability + +If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so via email. Please note that any reported vulnerabilities **MUST** meet all the following conditions: + +* Affects the most recent stable release of PDA, or a current beta release +* Affects a PDA instance installed and configured per the official documentation +* Is reproducible following a prescribed set of instructions + +Please note that we **DO NOT** accept reports generated by automated tooling which merely suggest that a file or file(s) _may_ be vulnerable under certain conditions, as these are most often innocuous. + +If you believe that you've found a vulnerability which meets all of these conditions, please [submit a draft security advisory](https://github.com/PowerDNS-Admin/PowerDNS-Admin/security/advisories/new) on GitHub, or email a brief description of the suspected bug and instructions for reproduction to **admin@powerdnsadmin.org**. 
+ +### Bug Bounties + +As PDA is provided as free open source software, we do not offer any monetary compensation for vulnerability or bug reports, however your contributions are greatly appreciated. \ No newline at end of file
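Review bot: In .github/ISSUE_TEMPLATE/bug_report.yaml the "PDA version" field is declared `type: input` but carries an `options:` list, which belongs to a dropdown. Change it to `type: dropdown`, as the "Python version" field directly below it does, so reporters pick from the listed releases instead of typing free text. The "PDA version" field in .github/ISSUE_TEMPLATE/feature_request.yaml has the same mismatch and needs the same change.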
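Review bot: In .github/ISSUE_TEMPLATE/config.yml the Contributing Policy link points at `blob/docs/CONTRIBUTING.md`, which reads `docs` as the branch name. The README hunk in this same patch uses `blob/dev/docs/CONTRIBUTING.md`, so the branch segment looks to have been dropped here; the contributing-guide link inside `stale-issue-message` in .github/workflows/stale.yml has the same URL. Since `blank_issues_enabled: false` routes every reporter through this chooser, it is also worth adding a contact link to the security advisory form named in docs/SECURITY.md so that vulnerability reports are steered away from public issues.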
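Review bot: In .github/workflows/lock.yml the step `uses: dessant/lock-threads@v3` references a third-party action by a mutable tag while the workflow holds `issues: write` and `pull-requests: write`. Pin the action to a full commit SHA (with the version in a trailing comment) so a retagged release cannot run with those permissions unreviewed. The same applies to `actions/stale@v6` in .github/workflows/stale.yml.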
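Review bot: In .github/workflows/stale.yml the `exempt-issue-labels` value lists only the three `status:` labels, whereas the deleted .github/stale.yml exempted `bug / security-vulnerability` and `bug / broken-feature`. As written, an open security or bug issue that goes quiet for 90 days is marked stale and closed 30 days later. Add the label or labels that now mark security and confirmed-bug issues to the exempt list. Separately, `stale-issue-label: 'mod / stale'` keeps the old label scheme while the new templates use the `type: ...` style, so confirm that label still exists.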
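Review bot: In the README.md hunk, the commit subject says the README now references the new security policy, but the added lines only cover the Contribution Guide and the Code of Conduct. Add a "Security Policy" section linking to docs/SECURITY.md next to the new "Code of Conduct" section, or adjust the commit message.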
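Review bot: In docs/CODE_OF_CONDUCT.md the "Our Pledge" heading is added as a top-level `#` heading directly under the `# Code of Conduct` title, while every following section ("Our Standards", "Our Responsibilities", "Scope", ...) uses `##`. Make it `## Our Pledge` so the document has a single title and a consistent outline.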
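Review bot: In docs/CONTRIBUTING.md, under "Submitting Pull Requests", the first bullet says pull requests "are used to propose changes to NetBox's code base", which is carried over from the NetBox guide this file was adapted from. Replace it with PDA, and re-read the rest of the adapted text (for example the skills list under "Become a Maintainer") for other wording that describes NetBox rather than this project.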
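Review bot: In docs/SECURITY.md, "Reporting a Suspected Vulnerability" names two channels (a draft GitHub security advisory and admin@powerdnsadmin.org) but does not say what a reporter can expect after submitting: whether the report is acknowledged, in roughly what time frame, and how a confirmed issue is disclosed. A short paragraph covering that would make the policy actionable. It would also help to state which channel is preferred, since the advisory form keeps the report private on GitHub while email is a shared mailbox also used for Code of Conduct complaints and maintainer enquiries elsewhere in this patch.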