docs: add CONTRIBUTING.md and SECURITY.md for open source
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 6s
CI Pipeline / Clippy Lints (push) Successful in 53s
CI Pipeline / Rust Unit Tests (push) Failing after 1m11s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 6s
CI Pipeline / Clippy Lints (push) Successful in 53s
CI Pipeline / Rust Unit Tests (push) Failing after 1m11s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped
This commit is contained in:
Draco Lunaris
94
CONTRIBUTING.md
Normal file
94
CONTRIBUTING.md
Normal file
@ -0,0 +1,94 @@
|
||||
# Contributing to Linux-Patch-Manager
|
||||
|
||||
Thank you for your interest in contributing to Linux-Patch-Manager! We appreciate every contribution — from bug reports and documentation improvements to new features and security fixes.
|
||||
|
||||
## Code of Conduct
|
||||
|
||||
This project follows the [Contributor Covenant v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) code of conduct. By participating, you are expected to uphold this standard. Please report unacceptable behavior to the maintainers.
|
||||
|
||||
## How to Contribute
|
||||
|
||||
1. **Fork** the repository
|
||||
2. Create a **feature branch** from `main`:
|
||||
```bash
|
||||
git checkout -b feat/my-feature
|
||||
```
|
||||
3. Make your changes
|
||||
4. Ensure all CI checks pass:
|
||||
```bash
|
||||
# Rust backend
|
||||
cargo fmt --check
|
||||
cargo clippy -- -D warnings
|
||||
cargo test
|
||||
|
||||
# TypeScript/React frontend
|
||||
cd frontend
|
||||
npm run lint
|
||||
npm run build
|
||||
npm test
|
||||
```
|
||||
5. **Commit** using conventional commit format (see below)
|
||||
6. Open a **Pull Request** against `main`
|
||||
|
||||
## Development Setup
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- **Rust toolchain** (stable) — [rustup](https://rustup.rs/)
|
||||
- **Node.js** 20+ (for the frontend) — [nvm](https://github.com/nvm-sh/nvm) recommended
|
||||
- **System dependencies**:
|
||||
```bash
|
||||
sudo apt-get install build-essential libsystemd-dev pkg-config libssl-dev
|
||||
```
|
||||
|
||||
### Build & Run
|
||||
|
||||
```bash
|
||||
# Backend
|
||||
cargo build
|
||||
cargo test
|
||||
|
||||
# Frontend
|
||||
cd frontend
|
||||
npm install
|
||||
npm run build
|
||||
npm test
|
||||
```
|
||||
|
||||
## Commit Messages
|
||||
|
||||
We use [Conventional Commits](https://www.conventionalcommits.org/):
|
||||
|
||||
| Prefix | Usage |
|
||||
|----------|------------------------|
|
||||
| `feat:` | New feature |
|
||||
| `fix:` | Bug fix |
|
||||
| `docs:` | Documentation changes |
|
||||
| `chore:` | Maintenance tasks |
|
||||
| `refactor:` | Code refactoring |
|
||||
| `test:` | Adding or updating tests |
|
||||
| `ci:` | CI configuration changes |
|
||||
|
||||
Example:
|
||||
```
|
||||
feat: add patch scheduling to manager dashboard
|
||||
```
|
||||
|
||||
## Pull Request Requirements
|
||||
|
||||
- All CI checks must pass (fmt, clippy, test, audit, build)
|
||||
- One feature or fix per PR — keep changes focused
|
||||
- Include a clear description of what changed and why
|
||||
- Update documentation if your change affects behavior
|
||||
|
||||
## Reporting Issues
|
||||
|
||||
Use [GitHub Issues](https://github.com/Draco-Lunaris/Linux-Patch-Manager/issues) to report bugs, request features, or ask questions. Please include:
|
||||
|
||||
- Steps to reproduce (for bugs)
|
||||
- Expected vs. actual behavior
|
||||
- Relevant logs or error messages
|
||||
|
||||
## License
|
||||
|
||||
By contributing, you agree that your contributions are licensed under the [Apache License 2.0](LICENSE), the same license as this project.
|
||||
46
SECURITY.md
Normal file
46
SECURITY.md
Normal file
@ -0,0 +1,46 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Only the **latest release** is currently supported with security updates.
|
||||
|
||||
| Version | Supported |
|
||||
|---------|----------|
|
||||
| Latest | ✅ |
|
||||
| Older | ❌ |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
**Do not report security vulnerabilities through public GitHub Issues.**
|
||||
|
||||
Instead, use GitHub's private vulnerability reporting:
|
||||
|
||||
👉 [Report a vulnerability for Linux-Patch-Manager](https://github.com/Draco-Lunaris/Linux-Patch-Manager/security/advisories/new)
|
||||
|
||||
This allows us to coordinate a fix before public disclosure.
|
||||
|
||||
### Response Timeline
|
||||
|
||||
- **Acknowledgment** within 48 hours
|
||||
- **Initial assessment** within 7 days
|
||||
- **Ongoing updates** on remediation progress
|
||||
|
||||
## Disclosure Policy
|
||||
|
||||
We follow **coordinated disclosure**:
|
||||
|
||||
- We ask for **90 days** before public disclosure of a vulnerability
|
||||
- Security advisories are published via [GitHub Security Advisories](https://github.com/Draco-Lunaris/Linux-Patch-Manager/security/advisories)
|
||||
- We will work with you to determine an appropriate disclosure timeline when a fix requires more time
|
||||
|
||||
## Security Best Practices
|
||||
|
||||
This project is a security tool — we hold ourselves to a high standard:
|
||||
|
||||
- **Signed commits**: All commits must be signed (SSH signing)
|
||||
- **CI enforcement**: All PRs require passing CI checks (fmt, clippy, test, audit, build)
|
||||
- **Dependency auditing**: `cargo audit` runs in CI to catch known vulnerabilities
|
||||
|
||||
## Credit
|
||||
|
||||
Contributors who responsibly report vulnerabilities will be credited in the corresponding GitHub Security Advisory.
|
||||
Reference in New Issue
Block a user