Added CONTRIBUTING.md and SECURITY.md files in Connector/Python

SubCoder1 · oscpache · commit 8a90d72dbb3b · 2024-09-13T09:01:19.000-06:00
Change-Id: If8352546a735208240540e6daa2ccf4f6e433716
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
diff --git a/README.rst b/README.rst
@@ -196,7 +196,7 @@ Contributing
 ------------
 
 There are a few ways to contribute to the Connector/Python code. Please refer
-to the `contributing guidelines <CONTRIBUTING.rst>`_ for additional information.
+to the `contributing guidelines <CONTRIBUTING.md>`_ for additional information.
 
 
 License
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,30 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+secalert_us@oracle.com preferably with a proof of concept. Please review
+some additional information on how to report security vulnerabilities to Oracle
+(see https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html)
+We encourage people who contact Oracle Security to use email encryption using
+our encryption key (see https://www.oracle.com/security-alerts/encryptionkey.html)
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+# Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the Oracle Critical Patch
+Update program. Additional information, including past advisories, is available on our
+security alerts page at https://www.oracle.com/security-alerts/
+
+# Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
diff --git a/mysql-connector-python/MANIFEST.in b/mysql-connector-python/MANIFEST.in
@@ -1,7 +1,8 @@
 include README.txt
 include README.rst
 include LICENSE.txt
-include CONTRIBUTING.rst
+include CONTRIBUTING.md
+include SECURITY.md
 include CHANGES.txt
 include setup.py
 include unittests.py
diff --git a/mysql-connector-python/cpydist/bdist.py b/mysql-connector-python/cpydist/bdist.py
@@ -200,7 +200,8 @@ def run(self):
             ("README.txt", "README.txt"),
             ("LICENSE.txt", "LICENSE.txt"),
             ("README.rst", "README.rst"),
-            ("CONTRIBUTING.rst", "CONTRIBUTING.rst"),
+            ("CONTRIBUTING.md", "CONTRIBUTING.md"),
+            ("SECURITY.md", "SECURITY.md"),
             ("docs/INFO_SRC", "INFO_SRC"),
             ("docs/INFO_BIN", "INFO_BIN"),
         ]
diff --git a/mysql-connector-python/cpydist/bdist_solaris.py b/mysql-connector-python/cpydist/bdist_solaris.py
@@ -208,8 +208,12 @@ def _prepare_pkg_base(self, template_name, data_dir, root=""):
                 os.path.join(data_path, "README.rst"),
             ),
             (
-                os.path.join(cwd, "CONTRIBUTING.rst"),
-                os.path.join(data_path, "CONTRIBUTING.rst"),
+                os.path.join(cwd, "CONTRIBUTING.md"),
+                os.path.join(data_path, "CONTRIBUTING.md"),
+            ),
+            (
+                os.path.join(cwd, "SECURITY.md"),
+                os.path.join(data_path, "SECURITY.md"),
             ),
         ]
 
diff --git a/mysql-connector-python/cpydist/data/rpm/mysql-connector-python.spec b/mysql-connector-python/cpydist/data/rpm/mysql-connector-python.spec
@@ -169,7 +169,7 @@ cd mysql-connector-python
 %{?scl:EOF}
 
 %files -n mysql-connector-python3%{?product_suffix}
-%doc LICENSE.txt CHANGES.txt README.txt README.rst CONTRIBUTING.rst mysql-connector-python/docs/INFO_SRC mysql-connector-python/docs/INFO_BIN
+%doc LICENSE.txt CHANGES.txt README.txt README.rst CONTRIBUTING.md SECURITY.md mysql-connector-python/docs/INFO_SRC mysql-connector-python/docs/INFO_BIN
 %{python3_sitearch}/mysql
 %{python3_sitearch}/mysql_connector_python-*.egg-info
 %{python3_sitearch}/_mysql_connector.cpython*.so
diff --git a/mysql-connector-python/cpydist/sdist.py b/mysql-connector-python/cpydist/sdist.py
@@ -262,7 +262,8 @@ def run(self):
             ("README.txt", "README.txt"),
             ("LICENSE.txt", "LICENSE.txt"),
             ("README.rst", "README.rst"),
-            ("CONTRIBUTING.rst", "CONTRIBUTING.rst"),
+            ("CONTRIBUTING.md", "CONTRIBUTING.md"),
+            ("SECURITY.md", "SECURITY.md"),
             ("docs/INFO_SRC", "INFO_SRC"),
             ("docs/INFO_BIN", "INFO_BIN"),
         ]
diff --git a/mysql-connector-python/setup.py b/mysql-connector-python/setup.py
@@ -53,7 +53,8 @@
     "README.rst",
     "LICENSE.txt",
     "CHANGES.txt",
-    "CONTRIBUTING.rst",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
 )
 
 VERSION_TEXT = "999.0.0"
diff --git a/mysqlx-connector-python/MANIFEST.in b/mysqlx-connector-python/MANIFEST.in
@@ -1,7 +1,8 @@
 include README.txt
 include README.rst
 include LICENSE.txt
-include CONTRIBUTING.rst
+include CONTRIBUTING.md
+include SECURITY.md
 include CHANGES.txt
 include setup.py
 include unittests.py
diff --git a/mysqlx-connector-python/cpydist/bdist.py b/mysqlx-connector-python/cpydist/bdist.py
@@ -200,7 +200,8 @@ def run(self):
             ("README.txt", "README.txt"),
             ("LICENSE.txt", "LICENSE.txt"),
             ("README.rst", "README.rst"),
-            ("CONTRIBUTING.rst", "CONTRIBUTING.rst"),
+            ("CONTRIBUTING.md", "CONTRIBUTING.md"),
+            ("SECURITY.md", "SECURITY.md"),
             ("docs/INFO_SRC", "INFO_SRC"),
             ("docs/INFO_BIN", "INFO_BIN"),
         ]
diff --git a/mysqlx-connector-python/cpydist/bdist_solaris.py b/mysqlx-connector-python/cpydist/bdist_solaris.py
@@ -208,8 +208,12 @@ def _prepare_pkg_base(self, template_name, data_dir, root=""):
                 os.path.join(data_path, "README.rst"),
             ),
             (
-                os.path.join(cwd, "CONTRIBUTING.rst"),
-                os.path.join(data_path, "CONTRIBUTING.rst"),
+                os.path.join(cwd, "CONTRIBUTING.md"),
+                os.path.join(data_path, "CONTRIBUTING.md"),
+            ),
+            (
+                os.path.join(cwd, "SECURITY.md"),
+                os.path.join(data_path, "SECURITY.md"),
             ),
         ]
 
diff --git a/mysqlx-connector-python/cpydist/data/rpm/mysql-connector-python.spec b/mysqlx-connector-python/cpydist/data/rpm/mysql-connector-python.spec
@@ -168,7 +168,7 @@ cd mysqlx-connector-python
 sed -i -e '/protobuf/d' %{buildroot}%{python3_sitearch}/mysqlx_connector_python-*.egg-info/requires.txt
 
 %files -n mysqlx-connector-python3%{?product_suffix}
-%doc LICENSE.txt CHANGES.txt README.txt README.rst CONTRIBUTING.rst mysqlx-connector-python/docs/INFO_SRC mysqlx-connector-python/docs/INFO_BIN
+%doc LICENSE.txt CHANGES.txt README.txt README.rst CONTRIBUTING.md SECURITY.md mysqlx-connector-python/docs/INFO_SRC mysqlx-connector-python/docs/INFO_BIN
 %{python3_sitearch}/mysqlx
 %{python3_sitearch}/mysqlx_connector_python-*.egg-info
 %{python3_sitearch}/_mysqlxpb.cpython*.so
diff --git a/mysqlx-connector-python/cpydist/sdist.py b/mysqlx-connector-python/cpydist/sdist.py
@@ -262,7 +262,8 @@ def run(self):
             ("README.txt", "README.txt"),
             ("LICENSE.txt", "LICENSE.txt"),
             ("README.rst", "README.rst"),
-            ("CONTRIBUTING.rst", "CONTRIBUTING.rst"),
+            ("CONTRIBUTING.md", "CONTRIBUTING.md"),
+            ("SECURITY.md", "SECURITY.md"),
             ("docs/INFO_SRC", "INFO_SRC"),
             ("docs/INFO_BIN", "INFO_BIN"),
         ]
diff --git a/mysqlx-connector-python/setup.py b/mysqlx-connector-python/setup.py
@@ -54,7 +54,8 @@
     "README.rst",
     "LICENSE.txt",
     "CHANGES.txt",
-    "CONTRIBUTING.rst",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
 )
 
 

Original file line number	Diff line number	Diff line change
`@@ -208,8 +208,12 @@ def _prepare_pkg_base(self, template_name, data_dir, root=""):`
`208`	`208`	`os.path.join(data_path, "README.rst"),`
`209`	`209`	`),`
`210`	`210`	`(`
`211`		`- os.path.join(cwd, "CONTRIBUTING.rst"),`
`212`		`- os.path.join(data_path, "CONTRIBUTING.rst"),`
	`211`	`+ os.path.join(cwd, "CONTRIBUTING.md"),`
	`212`	`+ os.path.join(data_path, "CONTRIBUTING.md"),`
	`213`	`+ ),`
	`214`	`+ (`
	`215`	`+ os.path.join(cwd, "SECURITY.md"),`
	`216`	`+ os.path.join(data_path, "SECURITY.md"),`
`213`	`217`	`),`
`214`	`218`	`]`
`215`	`219`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,8 @@`
`53`	`53`	`"README.rst",`
`54`	`54`	`"LICENSE.txt",`
`55`	`55`	`"CHANGES.txt",`
`56`		`- "CONTRIBUTING.rst",`
	`56`	`+ "CONTRIBUTING.md",`
	`57`	`+ "SECURITY.md",`
`57`	`58`	`)`
`58`	`59`
`59`	`60`	`VERSION_TEXT = "999.0.0"`