Add Code of Conduct, Security policy

CODE_OF_CONDUCT.md

@@ -0,0 +1,145 @@
+# Code of Conduct
+
+As a company, we want to embrace the very differences that have made
+our collaboration successful, and work together to provide the best
+environment for learning, growing, working, and sharing ideas. It is
+imperative that OddBird continue to be a welcoming, challenging, fun,
+and fair place to work.
+
+OddBird is dedicated to providing a harassment-free environment for
+everyone – regardless of gender, gender identity and expression, sexual
+orientation, disability, physical appearance, body size, age, race, or
+religion. We do not tolerate harassment in any form. If you are being
+harassed by an OddBird contributor, notice that someone else is being
+harassed, or have any other concerns, please contact the owners:
+
+- All: <owners@oddbird.net>
+- Carl Meyer: <carl@oddbird.net>
+- Jonny Gerig Meyer: <jonny@oddbird.net>
+- Miriam Suzanne: <miriam@oddbird.net>
+
+## Contributors strive to:
+
+- **Be welcoming, kind, and helpful**
+- **Be collaborative, open, and transparent**
+- **Take responsibility for our words and actions**
+- **Look out for each other**
+
+## Scope
+
+This document and related procedures apply to behavior occurring inside
+or outside the scope of OddBird activities, online or in-person, in
+public, at work, in one-on-one communications, and anywhere such
+behavior has the potential to adversely affect the safety and well-being
+of OddBird contributors. Any OddBird contributor who violates this code
+of conduct may be sanctioned, removed from the team, or expelled from
+OddBird community spaces and activities at the discretion of the owners.
+
+If you are being harassed by an OddBird contributor outside our work
+environment, we still want to know about it. We will take all good-faith
+reports of harassment by OddBird contributors, especially the owners,
+seriously. This includes harassment outside our spaces, and harassment
+that took place at any point in time. We reserve the right to exclude
+people from OddBird spaces and activities based on their past behavior,
+including behavior outside OddBird spaces, and behavior towards people
+who are not OddBird contributors.
+
+OddBird contributors include owners, contractors, clients, open source
+contributors, and anyone participating in OddBird spaces or activities.
+
+## Harassment includes:
+
+- Derogatory, unwelcome, or discriminatory comments related to gender,
+  gender identity and expression, sexual orientation, disability,
+  mental illness, neuro(a)typicality, physical appearance, body size,
+  age, race, or religion.
+- Repeated unwelcome comments regarding a person’s lifestyle choices
+  and practices, including but not limited to topics like food,
+  health, parenting, relationships, geographic locations, drugs, and
+  employment.
+- Deliberate misgendering or use of ‘dead’ or rejected names.
+- Gratuitous or off-topic sexual images or behavior in spaces where
+  they are not appropriate.
+- Physical contact and simulated physical contact (eg, textual
+  descriptions like “`*hug*`” or “`*backrub*`”) without consent or
+  after a request to stop.
+- Threats of violence.
+- Incitement of violence towards any individual, including encouraging
+  a person to commit suicide or to engage in self-harm.
+- Deliberate intimidation.
+- Stalking or following.
+- Harassing photography or recording, including logging online
+  activity for harassment purposes.
+- Sustained disruption of discussion.
+- Unwelcome sexual attention.
+- Continued one-on-one communication after requests to cease.
+- Deliberate “outing” of any aspect of a person’s identity without
+  their consent – except as necessary to protect vulnerable people
+  from intentional abuse.
+- Publication of non-harassing private communication.
+
+## Exclusions
+
+OddBird prioritizes marginalized people’s safety over privileged
+people’s comfort. The owners will not act on complaints regarding:
+
+- ‘Reverse’ -isms, including ‘reverse racism,’ ‘reverse sexism,’ and
+  ‘cisphobia’
+- Reasonable communication of boundaries, such as “leave me alone,”
+  “go away,” or “I’m not discussing this with you.”
+- Communicating in a ‘tone’ you don’t find congenial
+- Criticizing racist, sexist, cissexist, or otherwise oppressive
+  behavior or assumptions
+
+## Reporting
+
+If you are being harassed by an OddBird contributor, notice that someone
+else is being harassed, or have any other concerns, please contact the
+owners:
+
+- All: <owners@oddbird.net>
+- Carl Meyer: <carl@oddbird.net>
+- Jonny Gerig Meyer: <jonny@oddbird.net>
+- Miriam Suzanne: <miriam@oddbird.net>
+
+If the person who is harassing you is one of the owners, that owner will
+recuse themselves from handling your incident. We will respond as
+promptly as we can.
+
+In order to protect this policy from abuse, we reserve the right to
+reject any report we believe to have been made in bad faith. Reports
+intended to silence legitimate criticism may be deleted without
+response.
+
+We will respect confidentiality requests for the purpose of protecting
+victims of abuse. At our discretion, we may publicly name a person about
+whom we’ve received harassment complaints, or privately warn third
+parties about them, if we believe that doing so will increase the safety
+of OddBird contributors or the general public. We will not name
+harassment victims without their affirmative consent.
+
+## Consequences
+
+OddBird contributors asked to stop any harassing behavior are expected
+to comply immediately. If a participant engages in harassing behavior,
+the owners may take any action they deem appropriate, up to and
+including expulsion from all OddBird spaces and activities, as well as
+identification of the participant as a harasser to other OddBird contributors
+or the general public.
+
+The OddBird owners will be happy to help participants contact any
+relevant security or law enforcement officials, provide escorts, or
+otherwise assist any OddBird contributors experiencing harassment to
+feel safe for the duration of their interaction with our company.
+
+## Attribution
+
+This anti-harassment policy is based on the example policy from the
+[Geek Feminism wiki], created by the Geek Feminism community, as well as
+the [Sass Community Guidelines], [Slack Developer Community Code of
+Conduct], and [FreeBSD Code of Conduct].
+
+[Geek Feminism wiki]: https://geekfeminism.fandom.com/wiki/Community_anti-harassment
+[Sass Community Guidelines]: https://sass-lang.com/community-guidelines/
+[Slack Developer Community Code of Conduct]: https://api.slack.com/community/code-of-conduct
+[FreeBSD Code of Conduct]: https://www.freebsd.org/internal/code-of-conduct/

SECURITY.md

@@ -0,0 +1,20 @@
+# Security Policy
+
+## Reporting security issues
+
+The OddBird team and community take security seriously. We appreciate your
+efforts to responsibly disclose your findings, and will make every effort to
+acknowledge your contributions.
+
+To report a security issue, please open a private vulnerability report at
+https://github.com/oddbird/css-anchor-positioning/security/advisories/new.
+
+## Version support
+
+While discovering new vulnerabilities is rare, we always recommend using the
+latest version to ensure your application remains as secure as possible.
+
+This project follows [semantic versioning](https://semver.org/) principles.
+Security updates will be released for the latest major version. Maintainers will
+determine if security updates will be released for other versions, depending on
+the severity of the vulnerability and the usage of other versions.