From 7e623bafcc5a3a7b5a82cb606a32e90ee5a41ac2 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 22 Mar 2024 13:41:07 +0100 Subject: [PATCH] Update top-level documentation Signed-off-by: Drew DeVault --- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 4 +++- SECURITY.md | 42 +----------------------------------------- 3 files changed, 5 insertions(+), 43 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 648a49268..f89ab6874 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -49,7 +49,7 @@ representative at an online or offline event. Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -this email address: redis@redis.io. +this email address: sir@cmpwn.com. (Note: this is a temporary measure) All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the reporter of any incident. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3aa95fa5d..7b83045d3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,5 +1,7 @@ Contributors to Redict are asked to agree to the [Developer Certificate of -Origin][0] when contributing code to the project: +Origin][0] when contributing code to the project, reproduced below. To indicate +that you agree to the DCO, please use `git commit -s` to "sign-off" your +changes when contributing. [0]: https://developercertificate.org/ diff --git a/SECURITY.md b/SECURITY.md index 5c348319d..3110b00f5 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,43 +1,3 @@ # Security Policy -## Supported Versions - -Redis is generally backwards compatible with very few exceptions, so we -recommend users to always use the latest version to experience stability, -performance and security. - -We generally backport security issues to a single previous major version, -unless this is not possible or feasible with a reasonable effort. - -| Version | Supported | -| ------- | ------------------ | -| 7.2.x | :white_check_mark: | -| 7.0.x | :white_check_mark: | -| 6.2.x | :white_check_mark: | -| < 6.2 | :x: | - -## Reporting a Vulnerability - -If you believe you've discovered a serious vulnerability, please contact the -Redis core team at redis@redis.io. We will evaluate your report and if -necessary issue a fix and an advisory. If the issue was previously undisclosed, -we'll also mention your name in the credits. - -## Responsible Disclosure - -In some cases, we may apply a responsible disclosure process to reported or -otherwise discovered vulnerabilities. We will usually do that for a critical -vulnerability, and only if we have a good reason to believe information about -it is not yet public. - -This process involves providing an early notification about the vulnerability, -its impact and mitigations to a short list of vendors under a time-limited -embargo on public disclosure. - -Vendors on the list are individuals or organizations that maintain Redis -distributions or provide Redis as a service, who have third party users who -will benefit from the vendor's ability to prepare for a new version or deploy a -fix early. - -If you believe you should be on the list, please contact us and we will -consider your request based on the above criteria. +(To be updated following fork)