Skip to content

Add community health files for outside contributor support#1

Open
skord wants to merge 1 commit intomainfrom
mdanko/add-community-health-files
Open

Add community health files for outside contributor support#1
skord wants to merge 1 commit intomainfrom
mdanko/add-community-health-files

Conversation

@skord
Copy link
Member

@skord skord commented Mar 17, 2026

Summary

Establishes org-wide community health files for accepting outside contributions
to Estuary's open source projects. These apply as defaults across all public
repos via GitHub's .github repo convention.

  • CLA.md — Individual Contributor License Agreement based on Apache ICLA,
    adapted for BSL-licensed projects
  • CONTRIBUTING.md — Contribution guidelines, PR process, code review
    expectations, CLA requirement
  • SECURITY.md — Vulnerability reporting policy (prefers GitHub private
    vulnerability reporting, security@estuary.dev as fallback)
  • CODE_OF_CONDUCT.md — Contributor Covenant 2.1, reports to
    conduct@estuary.dev

Still needed (not in this PR)

  • CLA enforcement via CLA Assistant GitHub Action
  • Audit per-repo security configurations before enabling org-wide private
    vulnerability reporting

Reviewer notes

CLA.md is the most important file to read carefully. The existing profile
README is unchanged.

@jgraettinger — tagging for review since this sets the contributor framework
across all Estuary public repos, including the CLA that governs IP rights
for outside contributions.

@skord
Add community health files for outside contributor support
e78e392 
Establish org-wide contributor framework for Estuary's BSL-licensed
open source projects: CLA based on Apache ICLA template (with BSL
licensing clause), contributing guidelines, security vulnerability
reporting policy (GitHub PVR + security@estuary.dev), code of conduct
(Contributor Covenant 2.1).
@skord skord requested a review from jgraettinger March 17, 2026 22:28
@skord skord self-assigned this Mar 17, 2026
@skord
Copy link
Member Author

skord commented Mar 17, 2026
edited
Loading

Rather than turning on org-wide private vulnerability reporting, I've validated it is on where we would potentially take any outside contributions and where it makes sense

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jgraettinger jgraettinger Awaiting requested review from jgraettinger

At least 1 approving review is required to merge this pull request.

Assignees

@skord skord

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skord