Merge pull request #1 from planetf1/main

planetf1 · web-flow · commit 6e2b59c5cf49 · 2024-03-11T12:55:36.000Z
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,38 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Customize Issue templates)
+
+[//]: # (See https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository)
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Environment (please complete the following information):**
+ - OS: [e.g. Ubuntu 20]
+ - OpenSSL version [e.g., 3.0.2]
+ - Compiler version used [e.g., clang 9.0.0]
+ - Build variables used [e.g., "-DOQS_ALGS_ENABLED=STD"]
+ - liboqs version [e.g. 0.7.2 or main branch]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,16 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Customize PR template)
+
+[//]: # (See https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository )
+
+<!-- Please give a brief explanation of the purpose of this pull request. -->
+
+<!-- Does this PR resolve any issue?  If so, please reference it using automatic-closing keywords like "Fixes #123." -->
+
+<!-- Any PR adding a new feature is expected to contain a test; the test should be part of CI testing, preferably within the ".github/workflows" directory tree. Please add an explanation to the PR if/when (why) this cannot be done. -->
+
+<!-- Please answer the following questions to help manage version and changes across projects. -->
+
+* [ ] Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)?  (If so, a version bump will be required from *x.y.z* to *x.(y+1).0*.)
+
+<!-- Once your pull request is ready for review and passing continuous integration tests, please convert from a draft PR to a normal PR, and request a review from one of the OQS core team members. -->
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -0,0 +1,61 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: OSSF Scorecard analysis
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: '30 1 * * 6'
+  push:
+    branches: [ main ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed if using Code scanning alerts
+      security-events: write
+      # Needed for GitHub OIDC token if publish_results is true
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # required for Code scanning alerts
+      - name: "Upload SARIF results to code scanning"
+        uses: github/codeql-action/upload-sarif@592977e6ae857384aa79bb31e7a1d62d63449ec5 # v2.16.3
+        with:
+          sarif_file: results.sarif
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+# (TODO customize .gitignore for project)
+
+.vscode
+.idea
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: Apache-2.0
+# TODO Update code owners
+
+# Last matching pattern has precedence
+
+# Default owner
+* @pq-code-package/pqcp-hackers
+  
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,6 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Add code of conduct)
+
+# Code of Conduct
+
+Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,6 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Add contributing guide)
+
+# Contributing
+
+to be completed
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -0,0 +1,6 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Define governance)
+
+# Governance
+
+to be documented
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
@@ -0,0 +1,11 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Update list of maintainers)
+
+# Maintainers
+
+## Active Maintainers
+
+| Name                    | GitHub                                    | Chat           | Affliation
+|-------------------------|-------------------------------------------|----------------|----------------------
+| Nigel Jones             | [planetf1](https://github.com/planetf1)   | planetf1       | IBM
+
diff --git a/README.md b/README.md
@@ -1,2 +1,6 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Customize project readme)
+
 # template-code
+
 Template for creating code repositories, with basic file setup included
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,6 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO Add Security Policy)
+
+# Security
+
+Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)
diff --git a/SUPPORT.md b/SUPPORT.md
@@ -0,0 +1,6 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+[//]: # (TODO add support information)
+
+# Support
+
+To be written.
diff --git a/antitrust.md b/antitrust.md
@@ -0,0 +1,8 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# Antitrust Policy Notice
+
+Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.
+
+Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at
+[https://www.linuxfoundation.org/antitrust-policy](https://www.linuxfoundation.org/antitrust-policy). If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +# SPDX-License-Identifier: Apache-2.0
 +# (TODO customize .gitignore for project)
++
 +.vscode
 +.idea