initial checkin

Author: Claudenw

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+opensource@aiven.io.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# Welcome!
+
+Contributions are very welcome on {{ PROJECT }}. When contributing please keep this in mind:
+
+- Open an issue to discuss new bigger features.
+- Write code consistent with the project style and make sure the tests are passing.
+- Stay in touch with us if we have follow up questions or requests for further changes.
+
+# Development
+
+## Local Environment
+
+
+## Tests
+
+
+## Static checking and Linting
+
+
+## Manual testing
+
+
+### Configuration
+
+
+# Opening a PR
+
+- Commit messages should describe the changes, not the filenames. Win our admiration by following
+  the [excellent advice from Chris Beams](https://chris.beams.io/posts/git-commit/) when composing
+  commit messages.
+- Choose a meaningful title for your pull request.
+- The pull request description should focus on what changed and why.
+- Check that the tests pass (and add test coverage for your changes if appropriate).

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright (c) 2021 Aiven, Helsinki, Finland. https://aiven.io/
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -0,0 +1,23 @@
+{{PROJECT_NAME}}
+======================
+This is a template repository for creating open source repositories at Aiven.
+
+Overview
+========
+
+Features
+============
+
+Setup
+============
+
+License
+============
+{{PROJECT_NAME}} is licensed under the Apache license, version 2.0. Full license text is available in the [LICENSE](LICENSE) file.
+
+Please note that the project explicitly does not require a CLA (Contributor License Agreement) from its contributors.
+
+Contact
+============
+Bug reports and patches are very welcome, please post them as GitHub issues and pull requests at https://github.com/aiven/{{PROJECT_NAME}} . 
+To report any possible vulnerabilities or other serious issues please see our [security](SECURITY.md) policy.

SECURITY.md

@@ -0,0 +1,33 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities. Which versions are eligible
+to receive such patches depend on the CVSS v3.0 Rating:
+
+| CVSS v3.0 | Supported Versions                        |
+| --------- | ----------------------------------------- |
+| 4.0-10.0  | Most recent release                       |
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to our **[bug bounty
+program](https://bugcrowd.com/aiven-mbb-og)**. You will receive a response from
+us within 2 working days. If the issue is confirmed, we will release a patch as
+soon as possible depending on impact and complexity.
+
+## Qualifying Vulnerabilities
+
+Any reproducible vulnerability that has a severe effect on the security or
+privacy of our users is likely to be in scope for the program.
+
+We generally **aren't** interested in the following issues:
+* Social engineering (e.g. phishing, vishing, smishing) attacks
+* Brute force, DoS, text injection
+* Missing best practices such as HTTP security headers (CSP, X-XSS, etc.),
+  email (SPF/DKIM/DMARC records), SSL/TLS configuration.
+* Software version disclosure / Banner identification issues / Descriptive
+  error messages or headers (e.g. stack traces, application or server errors).
+* Clickjacking on pages with no sensitive actions
+* Theoretical vulnerabilities where you can't demonstrate a significant
+  security impact with a proof of concept.