git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity

docs: add CONTRIBUTING.md and SECURITY.md for open source
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 6s
CI Pipeline / Clippy Lints (push) Successful in 53s
CI Pipeline / Rust Unit Tests (push) Failing after 1m11s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped

Browse Source
This commit is contained in:
Draco Lunaris
2026-05-31 00:12:14 -05:00
parent f557e21e09
commit 0f0a534f25
2 changed files with 140 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,94 @@
# Contributing to Linux-Patch-Manager
Thank you for your interest in contributing to Linux-Patch-Manager! We appreciate every contribution — from bug reports and documentation improvements to new features and security fixes.
## Code of Conduct
This project follows the [Contributor Covenant v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) code of conduct. By participating, you are expected to uphold this standard. Please report unacceptable behavior to the maintainers.
## How to Contribute
1. **Fork** the repository
2. Create a **feature branch** from `main`:
```bash
git checkout -b feat/my-feature
```
3. Make your changes
4. Ensure all CI checks pass:
```bash
# Rust backend
cargo fmt --check
cargo clippy -- -D warnings
cargo test
# TypeScript/React frontend
cd frontend
npm run lint
npm run build
npm test
```
5. **Commit** using conventional commit format (see below)
6. Open a **Pull Request** against `main`
## Development Setup
### Prerequisites
- **Rust toolchain** (stable) — [rustup](https://rustup.rs/)
- **Node.js** 20+ (for the frontend) — [nvm](https://github.com/nvm-sh/nvm) recommended
- **System dependencies**:
```bash
sudo apt-get install build-essential libsystemd-dev pkg-config libssl-dev
```
### Build & Run
```bash
# Backend
cargo build
cargo test
# Frontend
cd frontend
npm install
npm run build
npm test
```
## Commit Messages
We use [Conventional Commits](https://www.conventionalcommits.org/):
| Prefix | Usage |
|----------|------------------------|
| `feat:` | New feature |
| `fix:` | Bug fix |
| `docs:` | Documentation changes |
| `chore:` | Maintenance tasks |
| `refactor:` | Code refactoring |
| `test:` | Adding or updating tests |
| `ci:` | CI configuration changes |
Example:
```
feat: add patch scheduling to manager dashboard
```
## Pull Request Requirements
- All CI checks must pass (fmt, clippy, test, audit, build)
- One feature or fix per PR — keep changes focused
- Include a clear description of what changed and why
- Update documentation if your change affects behavior
## Reporting Issues
Use [GitHub Issues](https://github.com/Draco-Lunaris/Linux-Patch-Manager/issues) to report bugs, request features, or ask questions. Please include:
- Steps to reproduce (for bugs)
- Expected vs. actual behavior
- Relevant logs or error messages
## License
By contributing, you agree that your contributions are licensed under the [Apache License 2.0](LICENSE), the same license as this project.

46
SECURITY.md Normal file
View File

@ -0,0 +1,46 @@
# Security Policy
## Supported Versions
Only the **latest release** is currently supported with security updates.
| Version | Supported |
|---------|----------|
| Latest | ✅ |
| Older | ❌ |
## Reporting a Vulnerability
**Do not report security vulnerabilities through public GitHub Issues.**
Instead, use GitHub's private vulnerability reporting:
👉 [Report a vulnerability for Linux-Patch-Manager](https://github.com/Draco-Lunaris/Linux-Patch-Manager/security/advisories/new)
This allows us to coordinate a fix before public disclosure.
### Response Timeline
- **Acknowledgment** within 48 hours
- **Initial assessment** within 7 days
- **Ongoing updates** on remediation progress
## Disclosure Policy
We follow **coordinated disclosure**:
- We ask for **90 days** before public disclosure of a vulnerability
- Security advisories are published via [GitHub Security Advisories](https://github.com/Draco-Lunaris/Linux-Patch-Manager/security/advisories)
- We will work with you to determine an appropriate disclosure timeline when a fix requires more time
## Security Best Practices
This project is a security tool — we hold ourselves to a high standard:
- **Signed commits**: All commits must be signed (SSH signing)
- **CI enforcement**: All PRs require passing CI checks (fmt, clippy, test, audit, build)
- **Dependency auditing**: `cargo audit` runs in CI to catch known vulnerabilities
## Credit
Contributors who responsibly report vulnerabilities will be credited in the corresponding GitHub Security Advisory.