feat: add CONTRIBUTING, SECURITY, SUPPORT, and FUNDING #3

Merged
psjamesp merged 1 commit into PowerShellOrg/.github:pr/02-governance from PowerShellOrg/.github:pr/03-community
Apr 21, 2026

Conversation

@HeyItsGilbert

Member

Stack position: 3 of 7

Community health files that GitHub surfaces on every repo in the org.

What's in this PR

CONTRIBUTING.md covers:

  • Dev setup: psake + PowerShellBuild + Pester 5 + PSScriptAnalyzer; the six standard psake task names (Init/Clean/Build/Test/Analyze/Publish) are documented as fixed convention
  • Branching and Conventional Commits style
  • PR checklist requirements
  • Review SLAs: 7-day first response for status-active, 30-day for status-stable
  • Release process (maintainer-only, tag-triggered)
  • License-by-contribution clause

SECURITY.md covers:

  • Supported versions policy (latest minor of latest major by default; per-repo overrides allowed)
  • GitHub Private Vulnerability Reporting as primary channel; security@powershellorg.example as fallback
  • SLA: 72h ack / 7d status update / 14d fix for critical / 30d for high / 90d for medium-low
  • Coordinated disclosure, CVE assignment for serious issues, reporter credit

SUPPORT.md — Discussions for questions, Issues for bugs, no-DM policy, security redirect

FUNDING.yml — Commented placeholder; no sponsorship configured yet

Council questions

  1. Review SLAs (7d active / 30d stable): realistic given current maintainer bandwidth?
  2. Security email placeholder: what should security@powershellorg.example be?
  3. 14-day critical fix SLA: too aggressive for a volunteer org? We could soften to 30 days.

Base: pr/02-governance — merge PRs 1–2 first.

CONTRIBUTING.md: dev setup, branching conventions, PR expectations,
review SLAs (7d active / 30d stable), release process, license-by-contribution.

SECURITY.md: GitHub PVR as primary channel, fallback email, 72h ack /
7d update / 14d critical fix SLA, coordinated disclosure, CVE commitment.

SUPPORT.md: Discussions for questions, Issues for bugs, no-DM policy.

FUNDING.yml: commented placeholder for future sponsorship setup.

Also includes updated GOVERNANCE.md and CODE_OF_CONDUCT.md from post-commit revision.

psjamesp merged commit dcfb88b into pr/02-governance on Apr 21, 2026
2 participants