From 860e3cdef042f9a30a90c5385d03ac51edaa0c25 Mon Sep 17 00:00:00 2001
From: Jeff Mesnil <jmesnil@redhat.com>
Date: Thu, 3 Aug 2023 13:53:50 +0200
Subject: [PATCH] [STXM-22] Improve community standards

* Add README (with sections to report issues and release procedure)
* Add Security policy to report security issues
* Add Code of Conduct

JIRA: https://issues.redhat.com/browse/STXM-22

Signed-off-by: Jeff Mesnil <jmesnil@redhat.com>
---
 CODE_OF_CONDUCT.md | 133 +++++++++++++++++++++++++++++++++++++++++++++
 README.MD          |  50 +++++++++++++++++
 SECURITY.md        |  11 ++++
 3 files changed, 194 insertions(+)
 create mode 100644 CODE_OF_CONDUCT.md
 create mode 100644 README.MD
 create mode 100644 SECURITY.md

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..4b6a77b
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at 
+jmesnil@redhat.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
\ No newline at end of file
diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..042699f
--- /dev/null
+++ b/README.MD
@@ -0,0 +1,50 @@
+# StAXMapper
+
+StAXMapper is a thin StAX facade which supports plugability plus some usability enhancements.
+
+StAXMapper is released as a single Maven artifact with the coordinates:
+
+```
+<dependency>
+    <groupId>org.jboss</groupId>
+    <artifactId>staxmapper</artifactId>
+</dependency>
+```
+
+# Build StAXMapper
+
+Prerequisites:
+
+* JDK 11 or newer - check `java -version`
+* Maven 3.6.0 or newer - check `mvn -v`
+
+To build with your own Maven installation:
+
+```
+mvn package
+```
+
+# Reporting Issues
+
+StAXMapper uses JIRA to manage issues. All issues can be found [here](https://issues.redhat.com/projects/STXM/issues).
+
+To create a new issue, comment on an existing issue, or assign an issue to yourself, you'll need to first [create a JIRA account](https://issues.redhat.com/).
+
+# Release Procedure
+
+StAXMapper is released in [JBoss Nexus Repository](https://repository.jboss.org/nexus/)
+
+To release a new version of StAXMapper:
+
+* Use the Maven [`release` plugin](https://maven.apache.org/maven-release/maven-release-plugin/):
+
+```
+mvn release:prepare
+mvn release:perform
+```
+
+* Close and publish the staged artifacts from  [JBoss Nexus Repository](https://repository.jboss.org/nexus/)
+* Release the published version in [JIRA](https://issues.redhat.com/projects/STXM?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page&status=released-unreleased)
+* Update the Release Notes in [GitHub Release page](https://github.com/jbossas/staxmapper/releases)
+
+
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..210cf91
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Security Contacts and Procedures
+
+Red Hat takes security very seriously, and we aim to take immediate action to address serious security-related problems that involve our products or services.
+
+Please report any suspected security vulnerability in this project to Red Hat Product Security at secalert@redhat.com. You can use our GPG key to communicate with us securely.
+
+To report an issue in any Red Hat branded website or online service, please contact Red Hat Information Security at site-security@redhat.com.
+
+https://access.redhat.com/security/team/contact
\ No newline at end of file