privsec.dev/CONTRIBUTING.md
2023-01-15 05:00:43 -05:00

Contributing to PrivSec.dev

Thank you for your interest in contributing! In addition to standard GitHub etiquette, please follow these specific guidelines for contributing to PrivSec.dev.


Security Vulnerabilities

Please refer to the published Security Policy.


Post Contribution Guidelines

This section ("Post Contribution Guidelines") serves in part as a human-readable summary of (but not a substitute for) the Contributor License Agreement, with supplementary information about contribution management policies. This section is not a license agreement and has no legal value. You should carefully review the terms and conditions of the actual Contributor License Agreement before agreeing to its terms and submitting a contribution.


All posts are submitted to PrivSec.dev under a Creative Commons Attribution-ShareAlike 4.0 International License, which allows PrivSec.dev and downstream recipients to adapt and redistribute the work under the same license. Contributors retain copyright ownership and are free to do as they please with their own work, including posting to other websites and distribution under any license of their choosing. However, with limited exceptions, PrivSec.dev will not advertise other licenses or distribution channels.

PrivSec.dev places heavy emphasis on the autonomy of primary post authors (in most cases the original authors of posts). Whenever possible, primary post authors will be invited to review issues and pull requests seeking to update their work. However, the PrivSec.dev team reserves the right to both implement and reject changes at their sole discretion, including but not limited to cases of trivial fixes (e.g. typographical error correction), unsatisfactory change quality, removal of old/outdated information, and an unresponsive or unreachable primary post author.

If deemed necessary on a case-by-case basis, the PrivSec.dev team will archive and/or fork posts. This mechanism exists in part to avoid any perception that substantial changes to a post's content were written, approved, or endorsed by the primary post author when they in fact were not. In the event of a fork, relevant noteworthy contributors may be invited to assume the title of primary post author of the fork. If no suitable authorship agreement can be reached, the PrivSec.dev team shall retain editorial control while continuing to invite relevant contributors to review change proposals.

Any request which requires rewriting Git history will almost certainly be rejected. Rewriting history is an extremely disruptive, tedious, and sometimes error-prone process which shall only be invoked in extenuating circumstances. Forks and local checkouts retain the original commit log anyway, so history rewriting is ineffective for any sort of data erasure. Please assume all contributions are logged forever (by someone even if not the PrivSec.dev team) and review your submissions carefully.


Corrections and Changes to Existing Posts

Issues and pull requests are both acceptable.

Pull requests are preferable for minor changes like correcting typographical errors or rewording to improve clarity.

For more substantial changes, consider opening an issue to discuss your proposal before doing significant work on it. We would hate for you to spend significant time creating a pull request only for it to be rejected or need major changes.

Note that we will likely defer you upstream in cases where PrivSec.dev mirrors an upstream version of a post. You are encouraged to proactively reach out to the upstream and open an issue here for tracking.


New Post Submissions and Requests

Please informally present your request/proposal to the maintainers in a discussion (preferred) or in the PrivSec.dev Matrix room, #privsec:arcticfoxes.net. Research is expected to be well-sourced with citations provided wherever applicable. If you are submitting content already written, feel free to directly open a pull request or draft pull request.


Website Configuration Issues and Enhancements

Please open an issue and provide as much detail as possible (screenshot, how to reproduce, browser and version, etc.). If the solution is exceedingly trivial, you may open a pull request directly, but we strongly encourage opening an issue first as some apparent issues may be deliberate.



Contributor License Agreement

To clarify the intellectual property license granted with Contributions from any person or entity, all contributors must indicate agreement with the following License Agreement. This Agreement is for Your protection as a contributor as well as the protection of the PrivSec.dev Organization and the recipients and users of its Work. It does not change your rights to use your own Contributions for any other purpose.

  1. Definitions.

    • The "PrivSec.dev Organization" shall mean the collective of individuals bearing privileged access to directly or indirectly influence the website located at https://privsec.dev and contents thereof, and whose privileged access was granted (and not subsequently revoked) by deliberate and explicit action on the premise of invitation to the PrivSec.dev Organization, by a member of the PrivSec.dev Organization authorized to take such action. This definition necessarily excludes entities such as service providers and their employees who may incidentally bear such privileged access as consequence of their roles as service providers for the PrivSec.dev Organization.

    • "You" shall mean the copyright owner or legal entity authorized by the copyright owner that is entering into this Agreement with the PrivSec.dev Organization. "Your" shall have a corresponding meaning.

    • "Contribution" shall mean any original work of authorship, including any modifications or additions to an existing work, that is or was previously intentionally Submitted by You to the PrivSec.dev Organization for inclusion in, or documentation of, any of the products owned, managed, maintained, or otherwise under the custodianship of the PrivSec.dev Organization (collectively the "Work"). For the purposes of this definition, "Submitted" means any form of electronic, verbal, or written communication sent to the PrivSec.dev Organization or its representatives, including but not limited to communication on electronic message boards and mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the PrivSec.dev Organization for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution".

    • A "Post" shall mean any independent and standalone creative work in the form of written article or document, not necessarily of singular authorship and potentially a compilation of multiple Contributions and potentially including or adapting one or more other works such as images, which is published or shall or might prospectively be published as a webpage on the https://privsec.dev website. Surrounding text, rendered representations of formatting cues, and any other elements which comprise the ultimate representation(s) of a Post on the https://privsec.dev website but which are fundamentally distinct from, and merely incidental to, the Post's status as a standalone creative work shall not be considered parts of the Post. Any work which may otherwise satisfy the criteria to be a Post but whose meaning, significance, and audience are inextricably linked to the PrivSec.dev Organization — including, but not limited to, documentation of the PrivSec.dev Organization or its policies and procedures — shall not be considered a Post; in other words, a reasonable observer should not perceive a Post as "out of place" if the Post is actually or hypothetically published in a real or hypothetical publication with similar focus (potentially broader) as the https://privsec.dev website but lacking any affiliation with the PrivSec.dev Organization.

    • "Post Contribution" shall refer to a Contribution seeking to modify, extend, or document one or more Posts, or a Contribution in pursuit of the publication of a Post (especially a newly created Post). A Post Contribution must conspicuously and unambiguously indicate in writing all Posts which it concerns. "Non-Post Contribution" shall mean any Contribution which is not a Post Contribution.

  2. Grant of Copyright License for Post Contributions. Subject to the terms and conditions of this Agreement, You hereby license to the PrivSec.dev Organization your Post Contributions under the Creative Commons Attribution-ShareAlike 4.0 International Public License and agree to all other applicable terms and conditions of this License Agreement.

  3. Grant of Copyright License for Non-Post Contributions. Subject to the terms and conditions of this Agreement, You hereby grant to the PrivSec.dev Organization a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Non-Post Contributions and such derivative works.

  4. Grant of Patent License. Subject to the terms and conditions of this Agreement, You hereby grant to the PrivSec.dev Organization and to recipients and users of the Work or other products distributed by the PrivSec.dev Organization a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution or the Work constitutes direct or contributory patent infringement, then all patent licenses granted to that entity under this Agreement for that Contribution or for the Work shall terminate as of the date such litigation is filed.

  5. You represent that You are legally entitled to grant the above licenses. If Your employer(s) have rights to intellectual property that You create that includes Your Contributions, You represent that You have received permission to make Contributions on behalf of each such employer or that each such employer has waived such rights for Your Contributions to the PrivSec.dev Organization.

  6. You represent that each of Your Contributions is Your original creation (see section 8 for submissions on behalf of others). You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which You are personally aware and which are associated with any part of Your Contributions.

  7. You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NONINFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.

  8. Should You wish to submit work that is not Your original creation, You may submit it to the PrivSec.dev Organization separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as "Sourced from a third-party: <named here>".

  9. You agree to notify the PrivSec.dev Organization of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect.

  10. To the extent possible, if any provision of this License Agreement is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this License Agreement without affecting the enforceability of the remaining terms and conditions.