Update after move to new GitHub org

Signed-off-by: Stephen Curran <swcurran@gmail.com>

Author: swcurran

README.md

@@ -1,8 +1,8 @@
 # Indy-VDR (Verifiable Data Registry)
 
-[<img src="https://raw.githubusercontent.com/hyperledger/indy-node/master/collateral/logos/indy-logo.png" width="50%" height="auto">](https://github.com/hyperledger/indy-sdk/)
+[<img src="https://raw.githubusercontent.com/hyperledger-indy/indy-node/master/collateral/logos/indy-logo.png" width="50%" height="auto">](https://github.com/hyperledger-indy/indy-sdk/)
 
-[![Unit Tests](https://github.com/hyperledger/indy-vdr/workflows/Unit%20Tests/badge.svg)](https://github.com/hyperledger/indy-vdr/actions)
+[![Unit Tests](https://github.com/hyperledger-indy/indy-vdr/workflows/Unit%20Tests/badge.svg)](https://github.com/hyperledger-indy/indy-vdr/actions)
 [![Python Package](https://img.shields.io/pypi/v/indy-vdr.svg)](https://pypi.org/project/indy-vdr/)
 
 - [Introduction](#introduction)
@@ -16,7 +16,7 @@
 
 ## Introduction
 
-This library is derived from [Hyperledger Indy SDK](https://github.com/hyperledger/indy-sdk) for the more limited use case of connecting to an [Indy Node](https://github.com/hyperledger/indy-node) blockchain ledger. It is written in Rust and currently includes a Python wrapper and a standalone proxy server.
+This library is derived from [Hyperledger Indy SDK](https://github.com/hyperledger-indy/indy-sdk) for the more limited use case of connecting to an [Indy Node](https://github.com/hyperledger-indy/indy-node) blockchain ledger. It is written in Rust and currently includes a Python wrapper and a standalone proxy server.
 
 _This library is still in development and there are currently no standard release packages._
 
@@ -90,7 +90,7 @@ Indy VDR contains a DID Resolver to resolve DIDs and dereference DID Urls to led
 
 ## Connecting to a Ledger
 
-Whether using the library or the proxy server, you will need a `genesis.txn` file containing the set of pool genesis transactions. You can run a local pool in Docker using [VON-Network](https://github.com/bcgov/von-network) or follow the [Indy-SDK instructions](https://github.com/hyperledger/indy-sdk#how-to-start-local-nodes-pool-with-docker).
+Whether using the library or the proxy server, you will need a `genesis.txn` file containing the set of pool genesis transactions. You can run a local pool in Docker using [VON-Network](https://github.com/bcgov/von-network) or follow the [Indy-SDK instructions](https://github.com/hyperledger-indy/indy-sdk#how-to-start-local-nodes-pool-with-docker).
 
 However the library is used, the `RUST_LOG` environment variable may be set in order to adjust the volume of logging messages produced. Acceptable values are `error`, `warn`, `info`, `debug`, and `trace`. The `RUST_BACKTRACE` environment variable may also be set to `full` for extended output in the case of fatal errors.
 
@@ -108,4 +108,4 @@ The following environment variables can be used to configure indy-vdr behavior:
 - Join us on the Hyperledger Discord. Guidance at [chat.hyperledger.org](https://chat.hyperledger.org).
 - Developer certificate of origin (DCO) are required in all Hyperledger repositories,
   so to get your pull requests accepted, you must certify your commits by signing off on each commit.
-  More information can be found in [Signing Commits](https://github.com/hyperledger/indy-sdk/docs/contributors/signing-commits.md) article.
+  More information can be found in [Signing Commits](https://github.com/hyperledger-indy/indy-sdk/docs/contributors/signing-commits.md) article.

SECURITY.md

@@ -1,11 +1,172 @@
-# Hyperledger Security Policy
+# Hyperledger Indy Security Policy
 
-## Reporting a Security Bug
+[Hyperledger security vulnerability disclosure policy]: /governing-documents/security.md
 
-If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.
+## About this document
 
-There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to [security at hyperledger dot org](mailto:security@hyperledger.org).
+This document defines how security vulnerability reporting is handled in the
+Hyperledger Indy project. The approach aligns with the [Hyperledger
+Foundation's Security Vulnerability Reporting
+policy](https://toc.hyperledger.org/governing-documents/security.html). Please
+review that document to understand the basis of the security reporting for
+Hyperledger Indy.
 
-The other way is to file a confidential security bug in our [JIRA bug tracking system](https://jira.hyperledger.org). Be sure to set the “Security Level” to “Security issue”.
+The Hyperledger Security Vulnerability policy borrows heavily from the
+recommendations of the OpenSSF Vulnerability Disclosure working group. For
+up-to-date information on the latest recommendations related to vulnerability
+disclosures, please visit the [GitHub of that working
+group](https://github.com/ossf/wg-vulnerability-disclosures).
 
-The process by which the Hyperledger Security Team handles security bugs is documented further in our [Defect Response page](https://wiki.hyperledger.org/display/HYP/Defect+Response) on our [wiki](https://wiki.hyperledger.org).
+If you are already familiar with the security policies of Hyperledger Indy, and
+ready to report a vulnerability, please jump to [Report
+Intakes](#report-intakes).
+
+## Outline
+
+This document has the following sections:
+
+- [Hyperledger Indy Security Policy](#hyperledger-indy-security-policy)
+  - [About this document](#about-this-document)
+  - [Outline](#outline)
+  - [What Is a Vulnerability Disclosure Policy?](#what-is-a-vulnerability-disclosure-policy)
+  - [Security Team](#security-team)
+  - [Discussion Forums](#discussion-forums)
+  - [Report Intakes](#report-intakes)
+  - [CNA/CVE Reporting](#cnacve-reporting)
+  - [Embargo List](#embargo-list)
+  - [(GitHub) Security Advisories](#github-security-advisories)
+  - [Private Patch Deployment Infrastructure](#private-patch-deployment-infrastructure)
+
+## What Is a Vulnerability Disclosure Policy?
+
+No piece of software is perfect. All software (at least, all software of a
+certain size and complexity) has bugs. In open source development, members of
+the community or the public find bugs and report them to the project. A
+vulnerability disclosure policy explains how this process functions from the
+perspective of the project.
+
+This vulnerability disclosure policy explains the rules and guidelines for
+Hyperledger Indy. It is intended to act as both a reference for
+outsiders–including both bug reporters and those looking for information on the
+project's security practices–as well as a set of rules that maintainers and
+contributors have agreed to follow.
+
+## Security Team
+
+The current Hyperledger Indy security team is:
+
+| Name           | Email ID                          | Discord ID    | Area/Specialty       |
+| -------------- | --------------------------------- | ------------- | -------------------- |
+| Stephen Curran | swcurran@cloudcompass.ca          | swcurran      |                      |
+| Wade Barnes    | wade@neoterictech.ca              | WadeBarnes    | Security, Operations |
+| Sam Curren     | sam@indicio.tech                  | TelegramSam   | Security             |
+| Renata Toktar  | renata.toktar@dsr-corporation.com | Renata.toktar | Security             |
+
+The security team for Hyperledger Indy must include at least three Indy
+Maintainers that agree to carry out the following duties and responsibilities.
+Members are added and removed from the team via approved Pull Requests to this
+repository. For additional background into the role of the security team, see
+the [People Infrastructure] section of the Hyperledger Security Policy.
+
+[People Infrastructure]: https://toc.hyperledger.org/governing-documents/security.html#people-infrastructure
+
+**Responsibilities:**
+
+1. Acknowledge the receipt of vulnerability reports to the reporter within 2
+   business days.
+
+2. Assess the issue. Engage with the reporter to ask any outstanding questions
+about the report and how to reproduce it. If the report was received by email
+and may be a security vulnerability, open a GitHub Security Advisory on the
+repository to manage the report. If the report is not considered a
+vulnerability, then the reporter should be informed and this process can be
+halted. If the report is a regular bug (but not a security vulnerability), the
+reporter should be informed (if necessary) of the regular process for reporting
+issues.
+
+1. Some issues may require more time and resources to correct. If a particular
+report is complex, discuss an embargo period with the reporter during which
+time the report will not be publicly disclosed. The embargo period should be
+negotiated with the reporter and must not be longer than 90 days.
+
+1. If necessary, create a private patch development infrastructure for the issue
+   by emailing the [Hyperledger Community Architects].
+
+[Hyperledger Community Architects]: mailto:community-architects@hyperledger.org
+
+5. Request a CVE for the issue (see the [CNA/CVE Reporting](#cnacve-reporting)
+   section).
+
+6. Decide a date for the public release of the vulnerability report, the date
+   the embargo period ends.
+
+7. If applicable, notify members of the embargo list of the vulnerability,
+upcoming patch and release, as described above.
+
+8. Publish a new (software) release in which the vulnerability is addressed.
+
+9. Publicly disclose the issue within 48 hours after the release via a
+GitHub security advisory (see the [(GitHub) Security
+Advisories](#github-security-advisories) section for details).
+
+## Discussion Forums
+
+Discussions about each reported vulnerability should be carried out in the
+private GitHub security advisory about the vulnerability. If necessary, a private
+channel specific to the issue may be created on the Hyperledger Discord server
+with invited participants added to the discussion.
+
+## Report Intakes
+
+Hyperledger Indy has the following ways to submit security
+vulnerabilities. While the security team members will do their best to
+respond to bugs disclosed in all possible ways, it is encouraged for bug
+finders to report through the following approved channels:
+
+- Email the [Hyperledger Foundation security
+list](mailto:security@lists.hyperledger.org): To report a security issue, please
+send an email with the name of the project/repository, a description of the issue, the
+steps you took to create the issue, affected versions, and if known,
+mitigations. If in triaging the email, the security team determines the issue may be
+a security vulnerability, a [GitHub security vulnerability report] will be
+opened.
+- Open a [GitHub security vulnerability report]: Open a draft security advisory
+on the "Security" tab of this GitHub repository. See [GitHub Security
+Advisories](#github-security-advisories) to learn more about the security
+infrastructure in GitHub.
+
+[GitHub security vulnerability report]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
+
+## CNA/CVE Reporting
+
+Hyperledger Indy maintains a list of **Common Vulnerabilities and Exposures
+(CVE)** and uses GitHub as its **CVE numbering authority (CNA)** for issuing
+CVEs.
+
+## Embargo List
+
+Hyperledger Indy does **NOT** currently maintain a private embargo list.
+
+If you wish to be added to the embargo list, please email the [Hyperledger
+Foundation security mailing list](mailto:security@lists.hyperledger.org),
+including the project name (Hyperledger Indy) and reason for being added
+to the embargo list. Requests will be assessed by the Hyperledger Indy
+security team in conjunction with the appropriate Hyperledger Staff, and a
+decision will be made to accommodate or not the request.
+
+For more information about embargo lists, please see the [Embargo List section
+of the Hyperledger Security
+Policy](https://toc.hyperledger.org/governing-documents/security.html#embargo-list).
+
+## (GitHub) Security Advisories
+
+Hyperledger Indy uses GitHub Security Advisories to manage the public
+disclosure of security vulnerabilities.
+
+## Private Patch Deployment Infrastructure
+
+In creating patches and new releases that address security vulnerabilities,
+Hyperledger Indy **MAY** use the private development features of GitHub for
+security vulnerabilities. GitHub has [extensive
+documentation](https://docs.github.com/en/code-security/security-advisories/repository-security-advisories)
+about these features.

ci/indy-pool.dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/hyperledger/indy-node-container/indy_node:1.13.2-ubuntu20-1.2.10
+FROM ghcr.io/hyperledger-indy/indy-node-container/indy_node:1.13.2-ubuntu20-1.2.10
 RUN pip3 install "supervisor~=4.2"
 
 RUN echo "[supervisord]\n\

libindy_vdr/Cargo.toml

@@ -9,7 +9,7 @@ edition = "2021"
 rust-version = "1.85"
 license = "Apache-2.0"
 readme = "../README.md"
-repository = "https://github.com/hyperledger/indy-vdr/"
+repository = "https://github.com/hyperledger-indy/indy-vdr/"
 categories = ["authentication", "cryptography"]
 keywords = ["hyperledger", "indy", "ssi", "verifiable", "credentials"]
 

libindy_vdr/tests/rich_schema.rs

@@ -437,10 +437,10 @@ mod rs_chain {
                 },
                 "algorithm": {
                     "description": "This encoding transforms an RFC3339 - formatted datetime object into the number of seconds since January 1, 1970(the Unix epoch).",
-                    "documentation": "https://github.com/hyperledger/indy-hipe/commit/3a39665fd384254f08316eef6230c2f411b8f765",
-                    "implementation": "https://github.com/hyperledger/indy-hipe/commit/3a39665fd384254f08316eef6230c2f411b8f869",
+                    "documentation": "https://github.com/hyperledger-indy/indy-hipe/commit/3a39665fd384254f08316eef6230c2f411b8f765",
+                    "implementation": "https://github.com/hyperledger-indy/indy-hipe/commit/3a39665fd384254f08316eef6230c2f411b8f869",
                 },
-                "testVectors": "https://github.com/hyperledger/indy-hipe/commit/3a39665fd384254f08316eef6230c2f411b8f766"
+                "testVectors": "https://github.com/hyperledger-indy/indy-hipe/commit/3a39665fd384254f08316eef6230c2f411b8f766"
             });
             return RSContent(json_c.to_string());
         }

wrappers/golang/README.md

@@ -1,4 +1,4 @@
-[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=for-the-badge)](https://pkg.go.dev/github.com/hyperledger/indy-vdr/wrappers/golang/vdr)
+[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=for-the-badge)](https://pkg.go.dev/github.com/hyperledger-indy/indy-vdr/wrappers/golang/vdr)
 
 # Run demo
 

wrappers/golang/cmd/demo/demo.go

@@ -9,9 +9,9 @@ import (
 	"net/http"
 	"os"
 
-	"github.com/hyperledger/indy-vdr/wrappers/golang/crypto"
-	"github.com/hyperledger/indy-vdr/wrappers/golang/identifiers"
-	"github.com/hyperledger/indy-vdr/wrappers/golang/vdr"
+	"github.com/hyperledger-indy/indy-vdr/wrappers/golang/crypto"
+	"github.com/hyperledger-indy/indy-vdr/wrappers/golang/identifiers"
+	"github.com/hyperledger-indy/indy-vdr/wrappers/golang/vdr"
 	"github.com/mr-tron/base58"
 )
 

wrappers/golang/go.mod

@@ -1,4 +1,4 @@
-module github.com/hyperledger/indy-vdr/wrappers/golang
+module github.com/hyperledger-indy/indy-vdr/wrappers/golang
 
 go 1.16
 

wrappers/javascript/indy-vdr-nodejs/README.md

@@ -50,7 +50,7 @@ docker exec $(docker ps -aqf "ancestor=test_pool") cat /var/lib/indy/sandbox/poo
 yarn test:local-build
 ```
 
-> **Note**: If you want to use this library in a cross-platform environment you need to import methods from the `@hyperledger/indy-vdr-shared` package instead. This is a platform independent package that allows to register the native bindings. The `@hyperledger/indy-vdr-nodejs` package uses this package under the hood. See the [Indy VDR Shared README](https://github.com/hyperledger/indy-vdr/tree/main/wrappers/javascript/indy-vdr-shared/README.md) for documentation on how to use this package.
+> **Note**: If you want to use this library in a cross-platform environment you need to import methods from the `@hyperledger/indy-vdr-shared` package instead. This is a platform independent package that allows to register the native bindings. The `@hyperledger/indy-vdr-nodejs` package uses this package under the hood. See the [Indy VDR Shared README](https://github.com/hyperledger-indy/indy-vdr/tree/main/wrappers/javascript/indy-vdr-shared/README.md) for documentation on how to use this package.
 
 ## Version Compatibility
 

wrappers/javascript/indy-vdr-nodejs/package.json

@@ -5,11 +5,11 @@
   "description": "Nodejs wrapper for Indy Vdr",
   "source": "src/index",
   "main": "build/index",
-  "homepage": "https://github.com/hyperledger/indy-vdr/tree/main/wrappers/javascript/indy-vdr-nodejs",
+  "homepage": "https://github.com/hyperledger-indy/indy-vdr/tree/main/wrappers/javascript/indy-vdr-nodejs",
   "author": "Hyperledger (https://github.com/hyperledger)",
   "repository": {
     "type": "git",
-    "url": "https://github.com/hyperledger/indy-vdr",
+    "url": "https://github.com/hyperledger-indy/indy-vdr",
     "directory": "wrappers/javascript/indy-vdr-nodejs"
   },
   "publishConfig": {
@@ -51,7 +51,7 @@
   },
   "binary": {
     "version": "v0.4.4",
-    "host": "https://github.com/hyperledger/indy-vdr/releases/download",
+    "host": "https://github.com/hyperledger-indy/indy-vdr/releases/download",
     "packageName": "library-{platform}-{arch}.tar.gz"
   },
   "engines": {