docs(standards) security, coc, and contrib

xero · xero · commit 4cfc89d0a0ea · 2025-10-27T00:04:57.000-04:00
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,56 @@
+# Contributor Code of Conduct
+
+## Our Pledge
+
+As maintainers and contributors, we pledge to make participation in our project a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy project.
+
+## Our Standards
+
+**Examples of behavior that contributes to a positive environment for our project include:**
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall project
+
+**Examples of unacceptable behavior include:**
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Doxxing or Publishing others' personal / private information
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+When we disagree, stop and try to understand the other person's perspective.
+
+Disagreements, both social and technical, happen all the time and open source projects are no exception. It is important that we resolve disagreements and differing views constructively. _Remember that we're different!_
+
+## Enforcement Guidelines
+
+### 1. Warning
+
+**Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome to the project.
+
+**Consequence**: A written warning providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
+
+### 3. Temporary Ban
+
+**Impact**: A serious violation of project standards, including sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public communication with the project for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Impact**: Demonstrating a pattern of violation of project standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction with the project.
+
+## Reporting
+
+You can publicly mention [@xero](https://github.com/xero) or privately via [PGP signed email](https://0w.nz/pgp.pub) or [Matrix](https://matrix.to/#/@x0:rx.haunted.computer)
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org) and the [Speak Up! Community Code of Conduct](http://web.archive.org/web/20141109123859/http://speakup.io/coc.html)
+
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -0,0 +1,29 @@
+# Contributing
+
+I'm really glad you're reading this, people make projects better.
+
+## Did you find a bug?
+
+- Ensure the bug was not already reported by searching our [GitHub Issues](https://github.com/xero/text0wnz/issues).
+- If you're unable to find an open issue addressing the problem, open a new one.
+  - Be sure to include a title and clear description, as much relevant information as possible.
+  - A code sample or an execution test case demonstrating the expected behavior that is not occurring.
+
+> ### **Do not open up a issue if the bug is a security vulnerability**
+> Instead to refer to our [security policy](https://github.com/xero/text0wnz/blob/main/.github/SECURITY.md) and submit a private [advisory](https://github.com/xero/text0wnz/security/advisories/new).
+
+## Did you fix a bug?
+
+- Open a new GitHub pull request with the patch.
+- Ensure the PR description clearly describes the problem and solution.
+- Include the relevant issue number if applicable.
+
+## Did you write a new feature?
+
+- Rad! Please [lint, format](https://github.com/xero/text0wnz/wiki/building-and-developing#code-quality-scripts), and [test](https://github.com/xero/text0wnz/wiki/testing) your code before submitting a [pull request](https://github.com/xero/text0wnz/pulls).
+
+# Do you have question about the code or using the app?
+
+- First, please review our detailed [wiki](https://github.com/xero/text0wnz/wiki)
+- If you still need help, feel free to open a new [issue](https://github.com/xero/text0wnz/issues).
+- Be as detailed as possible, including screenshots if necessary.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,45 @@
+# Security Policy
+
+The makers of the `teXt0wnz` application value your security and privacy. We are committed to maintaining a secure application and full transparency about how your data is handled.
+
+## Supported Versions
+
+The following versions of `text0w.nz` are currently being supported with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x.x   | :white_check_mark: |
+| 1.0.x   | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a flaw in the application (client or server) please submit a new [security advisory](https://github.com/xero/text0wnz/security/advisories/new).
+
+If you do not wish to use GitHub, you can contact the project maintainer directly via [PGP signed email](https://0w.nz/pgp.pub) or [Matrix](https://matrix.to/#/@x0:rx.haunted.computer)
+
+Make sure your advisory includes the following information:
+- Detailed explanation of the issue
+- text0wnz software version and commit hash used
+- POC exploiting the vulnerability
+- Any logs that might be available
+- Contact info if you wish to talk outside of github
+- If possible, suggested fixes, mitigations, or solutions to the issue
+
+Your advisory will be triaged by our team ASAP. We will undoubtedly contact you for more information.
+
+> **Please Note:** this is an open-source project and we do not award monetary bug bounties.  As a thank you, your name will be added to contributors list crediting your work.
+
+## Privacy
+
+_You_ have full control over your data. No personal data is collected or stored unless you voluntarily include it in your artwork’s "[sauce](https://github.com/xero/text0wnz/wiki/sauce-format)" metadata. All data remains on your device and is never unknowingly transferred; only files you explicitly choose to save or export leave your device.
+
+### Cookies and Tracking
+We **do not** use cookies, tracking technologies, or similar mechanisms.
+
+### Data Storage and Usage
+
+**Local Storage**: This application uses your device’s local storage to save the following information about your artwork:
+- CANVAS_DATA: The raw drawing data for your current artwork.
+- FONT_NAME, PALETTE_COLORS, ICE_COLORS, LETTER_SPACING, XBIN_FONT_DATA: Editor font and configuration settings to ensure a consistent experience.
+
+For more information, see our [Privacy Policy](https://github.com/xero/text0wnz/wiki/privacy)
