Merge pull request #104 from NeedleInAJayStack/feature/sswgInclusion

paulofaria · web-flow · commit 6faf27d7b23c · 2022-08-15T22:58:59.000-03:00
doc: Adds security and conduct details for sswg
diff --git a/README.md b/README.md
@@ -124,6 +124,13 @@ should be encoded using the `GraphQLJSONEncoder` provided by this package.
 
 ## Contributing
 
+If you think you have found a security vulnerability, please follow the
+[Security guidelines](SECURITY.md).
+
+Those contributing to this package are expected to follow the [Swift Code of Conduct](https://www.swift.org/code-of-conduct/), the
+[Swift API Design Guidelines](https://swift.org/documentation/api-design-guidelines/), and the
+[SSWG Technical Best Practices](https://github.com/swift-server/sswg/blob/main/process/incubation.md#technical-best-practices).
+
 Most of this repo mirrors the structure of
 (the canonical GraphQL implementation written in Javascript/Typescript)[https://github.com/graphql/graphql-js]. If there is any feature
 missing, looking at the original code and "translating" it to Swift works, most of the time. For example:
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| < 2.0.0 | :x:                |
+| > 2.0.0 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability, please create a new
+[security advisory in GitHub](https://github.com/GraphQLSwift/GraphQL/security/advisories).
+and email Jay Herron at NeedleInAJayStack at protonmail.com. We expect to respond within 
+3 days to discuss the details of the security vulnerability.
