From a80fdf8ee48ea979b5b90ceba026610338608ce0 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Wed, 4 Oct 2023 08:10:52 +0200 Subject: [PATCH] add community standard documentation [skip ci] (#1565) --- CODE_OF_CONDUCT.md | 128 +++++++++++++++++++++++++++++++++++++++++++++ CONTRIBUTING.md | 73 ++++++++++++++++++++++++++ SECURITY.md | 15 ++++++ 3 files changed, 216 insertions(+) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000000..dd0ce2b558 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +conduct@openquantumsafe.org. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000000..1d2fb783d6 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,73 @@ +# Contributing + +The OQS core team welcomes all proposals to improve this project. This may take +the form of [a discussion](https://github.com/open-quantum-safe/liboqs/discussions) +for input or feedback, possible bug reports or feature requests via [issues](https://github.com/open-quantum-safe/liboqs/issues) +as well as new code and documentation via a [pull request (PR)](https://github.com/open-quantum-safe/liboqs/pulls). + +## Review and Feedback + +We aim to provide timely feedback to any input. If you are uncertain as to whether +a particular contribution is welcome, needed or timely, please first open an [issue](https://github.com/open-quantum-safe/liboqs/issues) +particularly in case of possible bugs or new feature requests or create a +[discussion](https://github.com/open-quantum-safe/liboqs/discussions). + +## Pull requests + +Pull requests should clearly state their purpose, possibly referencing an existing +[issue](https://github.com/open-quantum-safe/liboqs/issues) when resolving it. + +All PRs should move to "Ready for Review" stage only if all CI tests pass (are green). + +The OQS core team is happy to provide feedback also to Draft PRs in order to improve +them before the final "Review" stage. + +### Coding style + +This project has adopted a slightly modified [Google code formatting style](https://astyle.sourceforge.net/astyle.html#_style=google) for the core components +of the library as documented in the [style template](.astylerc). + +To check adherence of any new code to this, it therefore is highly recommended to +run the following command in the project main directory prior to finishing a PR: + + find src tests -name '*.[ch]' | grep -v '/external/' | grep -v 'kem/.*/.*/.*' | grep -v 'sig/.*/.*/.*' | xargs astyle --dry-run --options=.astylerc | grep Format + +### Running CI locally + +#### CircleCI + +If encountering CI errors in CircleCI, it may be helpful to execute the test jobs +locally to debug. 
This can be facilitated by executing the command + + circleci local execute --job some-test-job + +assuming "some-test-job" is the name of the test to be executed and the CircleCI +[command line tools have been installed](https://circleci.com/docs/local-cli). + +#### Github CI + +[Act](https://github.com/nektos/act) is a tool facilitating local execution of +github CI jobs. When executed in the main `oqsprovider` directory, + + act -l Displays all github CI jobs + act -j some-job Executes "some-job" + +When installing `act` as a github extension, prefix the commands with `gh `. + +### New features + +Any PR introducing a new feature is expected to contain a test of this feature +and this test should be part of the CI pipeline, preferably using Github CI. + +## Failsafe + +If you feel your contribution is not getting proper attention, please be sure to +add a tag to one or more of our [most active contributors](https://github.com/open-quantum-safe/liboqs/graphs/contributors). + +## Issues to start working on + +If you feel like contributing but don't know what specific topic to work on, +please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/liboqs/issues). + + + diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..9f5db7aadb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Supported Versions + +We only support the most recent release. + +| Version | Supported | +| ------- | ------------------ | +| 0.8.0 | :white_check_mark: | +| < 0.8 | :x: | + +## Reporting a Vulnerability +Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs). + +
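Review bot: In CODE_OF_CONDUCT.md, the "Enforcement" section gives conduct@openquantumsafe.org as the only reporting channel and does not say who reads that mailbox or how to raise a concern about one of its recipients. Since the same section commits leaders to "respect the privacy and security of the reporter", consider naming the role or group behind the address and listing a second contact.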
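Review bot: In CONTRIBUTING.md, under "Github CI", the sentence "When executed in the main `oqsprovider` directory" names a different project from the one every link in this file points to (open-quantum-safe/liboqs); it looks carried over from another repository and should read `liboqs`. In the same block, the descriptions on the `act -l` and `act -j some-job` lines sit inside the indented code block, so a copy-paste passes them to `act` as arguments; move them into the surrounding prose. The "good first issue" / "help wanted" link also goes to the unfiltered issue list, and the file ends with several empty added lines that can be dropped.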
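Review bot: In SECURITY.md, the "Supported Versions" table hard-codes 0.8.0 and "< 0.8" next to the statement "We only support the most recent release", so the file becomes wrong as soon as the next release ships unless it is edited every time. Either keep only the sentence and drop the version numbers, or make updating this table an explicit step of the release procedure. The "## Reporting a Vulnerability" heading is also the only one in this patch without a blank line before its paragraph, and the section relies entirely on an external link; consider summarising the reporting channel in the file itself.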