From 4192576ddc2df6da4aa4bef48a6b07107b205d36 Mon Sep 17 00:00:00 2001 From: James Stuckey Weber Date: Fri, 24 May 2024 15:49:16 -0400 Subject: [PATCH] Add Code of Conduct, Security policy --- CODE_OF_CONDUCT.md | 145 +++++++++++++++++++++++++++++++++++++++++++++ SECURITY.md | 20 +++++++ 2 files changed, 165 insertions(+) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 SECURITY.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..e2c4a740 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,145 @@ +# Code of Conduct + +As a company, we want to embrace the very differences that have made +our collaboration successful, and work together to provide the best +environment for learning, growing, working, and sharing ideas. It is +imperative that OddBird continue to be a welcoming, challenging, fun, +and fair place to work. + +OddBird is dedicated to providing a harassment-free environment for +everyone – regardless of gender, gender identity and expression, sexual +orientation, disability, physical appearance, body size, age, race, or +religion. We do not tolerate harassment in any form. If you are being +harassed by an OddBird contributor, notice that someone else is being +harassed, or have any other concerns, please contact the owners: + +- All: +- Carl Meyer: +- Jonny Gerig Meyer: +- Miriam Suzanne: + +## Contributors strive to: + +- **Be welcoming, kind, and helpful** +- **Be collaborative, open, and transparent** +- **Take responsibility for our words and actions** +- **Look out for each other** + +## Scope + +This document and related procedures apply to behavior occurring inside +or outside the scope of OddBird activities, online or in-person, in +public, at work, in one-on-one communications, and anywhere such +behavior has the potential to adversely affect the safety and well-being +of OddBird contributors. Any OddBird contributor who violates this code +of conduct may be sanctioned, removed from the team, or expelled from +OddBird community spaces and activities at the discretion of the owners. + +If you are being harassed by an OddBird contributor outside our work +environment, we still want to know about it. We will take all good-faith +reports of harassment by OddBird contributors, especially the owners, +seriously. This includes harassment outside our spaces, and harassment +that took place at any point in time. We reserve the right to exclude +people from OddBird spaces and activities based on their past behavior, +including behavior outside OddBird spaces, and behavior towards people +who are not OddBird contributors. + +OddBird contributors include owners, contractors, clients, open source +contributors, and anyone participating in OddBird spaces or activities. + +## Harassment includes: + +- Derogatory, unwelcome, or discriminatory comments related to gender, + gender identity and expression, sexual orientation, disability, + mental illness, neuro(a)typicality, physical appearance, body size, + age, race, or religion. +- Repeated unwelcome comments regarding a person’s lifestyle choices + and practices, including but not limited to topics like food, + health, parenting, relationships, geographic locations, drugs, and + employment. +- Deliberate misgendering or use of ‘dead’ or rejected names. +- Gratuitous or off-topic sexual images or behavior in spaces where + they are not appropriate. +- Physical contact and simulated physical contact (eg, textual + descriptions like “`*hug*`” or “`*backrub*`”) without consent or + after a request to stop. +- Threats of violence. +- Incitement of violence towards any individual, including encouraging + a person to commit suicide or to engage in self-harm. +- Deliberate intimidation. +- Stalking or following. +- Harassing photography or recording, including logging online + activity for harassment purposes. +- Sustained disruption of discussion. +- Unwelcome sexual attention. +- Continued one-on-one communication after requests to cease. +- Deliberate “outing” of any aspect of a person’s identity without + their consent – except as necessary to protect vulnerable people + from intentional abuse. +- Publication of non-harassing private communication. + +## Exclusions + +OddBird prioritizes marginalized people’s safety over privileged +people’s comfort. The owners will not act on complaints regarding: + +- ‘Reverse’ -isms, including ‘reverse racism,’ ‘reverse sexism,’ and + ‘cisphobia’ +- Reasonable communication of boundaries, such as “leave me alone,” + “go away,” or “I’m not discussing this with you.” +- Communicating in a ‘tone’ you don’t find congenial +- Criticizing racist, sexist, cissexist, or otherwise oppressive + behavior or assumptions + +## Reporting + +If you are being harassed by an OddBird contributor, notice that someone +else is being harassed, or have any other concerns, please contact the +owners: + +- All: +- Carl Meyer: +- Jonny Gerig Meyer: +- Miriam Suzanne: + +If the person who is harassing you is one of the owners, that owner will +recuse themselves from handling your incident. We will respond as +promptly as we can. + +In order to protect this policy from abuse, we reserve the right to +reject any report we believe to have been made in bad faith. Reports +intended to silence legitimate criticism may be deleted without +response. + +We will respect confidentiality requests for the purpose of protecting +victims of abuse. At our discretion, we may publicly name a person about +whom we’ve received harassment complaints, or privately warn third +parties about them, if we believe that doing so will increase the safety +of OddBird contributors or the general public. We will not name +harassment victims without their affirmative consent. + +## Consequences + +OddBird contributors asked to stop any harassing behavior are expected +to comply immediately. If a participant engages in harassing behavior, +the owners may take any action they deem appropriate, up to and +including expulsion from all OddBird spaces and activities, as well as +identification of the participant as a harasser to other OddBird contributors +or the general public. + +The OddBird owners will be happy to help participants contact any +relevant security or law enforcement officials, provide escorts, or +otherwise assist any OddBird contributors experiencing harassment to +feel safe for the duration of their interaction with our company. + +## Attribution + +This anti-harassment policy is based on the example policy from the +[Geek Feminism wiki], created by the Geek Feminism community, as well as +the [Sass Community Guidelines], [Slack Developer Community Code of +Conduct], and [FreeBSD Code of Conduct]. + +[Geek Feminism wiki]: https://geekfeminism.fandom.com/wiki/Community_anti-harassment +[Sass Community Guidelines]: https://sass-lang.com/community-guidelines/ +[Slack Developer Community Code of Conduct]: https://api.slack.com/community/code-of-conduct +[FreeBSD Code of Conduct]: https://www.freebsd.org/internal/code-of-conduct/ diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..93762b24 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Reporting security issues + +The OddBird team and community take security seriously. We appreciate your +efforts to responsibly disclose your findings, and will make every effort to +acknowledge your contributions. + +To report a security issue, please open a private vulnerability report at +https://github.com/oddbird/css-anchor-positioning/security/advisories/new. + +## Version support + +While discovering new vulnerabilities is rare, we always recommend using the +latest version to ensure your application remains as secure as possible. + +This project follows [semantic versioning](https://semver.org/) principles. +Security updates will be released for the latest major version. Maintainers will +determine if security updates will be released for other versions, depending on +the severity of the vulnerability and the usage of other versions.