Update after move to new GitHub org

Cargo.toml

@@ -8,7 +8,7 @@ description = "Verifiable credential issuance and presentation for Hyperledger A
 edition = "2024"
 license = "Apache-2.0"
 readme = "../README.md"
-repository = "https://github.com/hyperledger/anoncreds-rs/"
+repository = "https://github.com/anoncreds/anoncreds-rs/"
 categories = ["authentication", "cryptography"]
 keywords = ["hyperledger", "ssi", "verifiable", "credentials"]
 rust-version = "1.85"

MAINTAINERS.md

@@ -1,19 +1,19 @@
 # Maintainers
 
-This file defines the Maintainers processes (adding, removing) and duties for all repositories in the Hyperledger AnonCreds Project,
+This file defines the Maintainers processes (adding, removing) and duties for all repositories in the LF Decentralized Trust AnonCreds Project,
 as well as the list of Maintainers for this repository. "Maintainers" are defined as any individuals with escalated GitHub privileges above
-"READ" in Hyperledger AnonCreds repositories. Maintainers **MUST** abide by the Hyperledger AnonCreds Project Charter.
+"READ" in AnonCreds repositories. Maintainers **MUST** abide by the AnonCreds Project Charter.
 
-All other Hyperledger AnonCreds Project repository MAINTAINERS.md files point to this file.
+All other AnonCreds Project repository MAINTAINERS.md files point to this file.
 
 ## Maintainers for this Repository
 
 Maintainers for this repository are listed in the [Access Control YAML file].
 Search in the file for this repository.
 
-[Access Control YAML file]: https://github.com/hyperledger/governance/blob/main/access-control.yaml
+[Access Control YAML file]: https://github.com/anoncreds/governance/blob/main/config.yaml
 
-## The Duties of a Hyperledger AnonCreds Maintainers
+## The Duties of an AnonCreds Maintainers
 
 Maintainers are expected to fulfill the following responsibilities for the repositories they oversee. The duties are listed in more or less priority order:
 
@@ -31,12 +31,12 @@ Maintainers are expected to fulfill the following responsibilities for the repos
 - Maintain the repository CONTRIBUTING.md file and getting started documents to
   give guidance and encouragement to those wanting to contribute to the product, and those wanting to become maintainers.
 - Contribute to the product via GitHub Pull Requests.
-- Monitor requests from the Hyperledger Technical Oversight Committee about the
-contents and management of Hyperledger repositories, such as branch handling,
+- Monitor requests from the LF Decentralized Trust TAC about the
+contents and management of LF Decentralized Trust repositories, such as branch handling,
 required files in repositories and so on.
-- Contribute to the Hyperledger Project's Quarterly Report.
+- Contribute to the AnonCreds Project's Quarterly Report.
 
-## Becoming a Hyperledger AnonCreds Maintainer
+## Becoming an AnonCreds Maintainer
 
 This community welcomes contributions. Interested contributors are encouraged to
 progress to become maintainers. To become a maintainer the following steps
@@ -56,7 +56,7 @@ occur, roughly in order.
   - At least three (3) TSC or project Maintainers approve the PR or provide an approval comment on the PR.
 - If the PR does not get the requisite PR approvals, it may be closed.
 
-## Removing Hyperledger AnonCreds Maintainers
+## Removing AnonCreds Maintainers
 
 Being a maintainer is not a status symbol or a title to be carried
 indefinitely. It will occasionally be necessary and appropriate to move a
@@ -76,7 +76,7 @@ The process to remove a maintainer from active status is comparable to the proce
 resignation, the Pull Request can be merged following a maintainer PR approval. If the removal is for any other reason, the following steps **SHOULD** be followed:
 
 - A PR is created to update the [Access Control YAML file] to remove the maintainer from the appropriate teams.
-- The PR is authored by, or has a comment supporting the proposal from, an existing maintainer or Hyperledger GitHub organization administrator.
+- The PR is authored by, or has a comment supporting the proposal from, an existing maintainer or AnonCreds GitHub organization administrator.
 - Once the PR and necessary comments have been received, the approval timeframe begins.
 - The PR **MAY** be communicated on appropriate communication channels, including relevant community calls, chat channels and mailing lists.
 - The PR is merged and the maintainer is removed if:

SECURITY.md

@@ -1,11 +1,168 @@
-# Hyperledger Security Policy
+# LF Decentralized Trust AnonCreds Security Policy
 
-## Reporting a Security Bug
+## About this document
 
-If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.
+This document defines how security vulnerability reporting is handled in the
+LF Decentralized Trust AnonCreds project. The approach aligns with the [LFDT
+Foundation's Security Vulnerability Reporting
+policy](https://toc.hyperledger.org/governing-documents/security.html). Please
+review that document to understand the basis of the security reporting for
+LF Decentralized Trust AnonCreds.
 
-There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to [security at hyperledger dot org](mailto:security@hyperledger.org).
+The LF Decentralized Trust Security Vulnerability policy borrows heavily from the
+recommendations of the OpenSSF Vulnerability Disclosure working group. For
+up-to-date information on the latest recommendations related to vulnerability
+disclosures, please visit the [GitHub of that working
+group](https://github.com/ossf/wg-vulnerability-disclosures).
 
-The other way is to file a confidential security bug in our [JIRA bug tracking system](https://jira.hyperledger.org). Be sure to set the “Security Level” to “Security issue”.
+If you are already familiar with the security policies of AnonCreds, and
+ready to report a vulnerability, please jump to [Report
+Intakes](#report-intakes).
 
-The process by which the Hyperledger Security Team handles security bugs is documented further in our [Defect Response page](https://wiki.hyperledger.org/display/HYP/Defect+Response) on our [wiki](https://wiki.hyperledger.org).
+## Outline
+
+This document has the following sections:
+
+- [LF Decentralized Trust AnonCreds Security Policy](#lf-decentralized-trust-anoncreds-security-policy)
+  - [About this document](#about-this-document)
+  - [Outline](#outline)
+  - [What Is a Vulnerability Disclosure Policy?](#what-is-a-vulnerability-disclosure-policy)
+  - [Security Team](#security-team)
+  - [Discussion Forums](#discussion-forums)
+  - [Report Intakes](#report-intakes)
+  - [CNA/CVE Reporting](#cnacve-reporting)
+  - [Embargo List](#embargo-list)
+  - [(GitHub) Security Advisories](#github-security-advisories)
+  - [Private Patch Deployment Infrastructure](#private-patch-deployment-infrastructure)
+
+## What Is a Vulnerability Disclosure Policy?
+
+No piece of software is perfect. All software (at least, all software of a
+certain size and complexity) has bugs. In open source development, members of
+the community or the public find bugs and report them to the project. A
+vulnerability disclosure policy explains how this process functions from the
+perspective of the project.
+
+This vulnerability disclosure policy explains the rules and guidelines for
+the AnonCreds Project. It is intended to act as both a reference for
+outsiders–including both bug reporters and those looking for information on the
+project's security practices–as well as a set of rules that maintainers and
+contributors have agreed to follow.
+
+## Security Team
+
+The current AnonCreds Project security team is:
+
+| Name             | Email ID                        | Discord ID      | Area/Specialty         |
+| ---------------- | ------------------------------- | --------------- | ---------------------- |
+| Stephen Curran   | swcurran@cloudcompass.ca        | swcurran        | cp ../to               |
+| Hart Montgomery  | hmontgomery@linuxfoundation.org | hartm           | Cryptography, Security |
+| Mike Lodder      | redmike7@gmail.com              | mikelodder      | Cryptography           |
+| Andrew Whitehead | cywolf@gmail.com                | andrewwhitehead | Cryptography, Security |
+
+The security team for the AnonCreds Project must include at least three AnonCreds
+Maintainers that agree to carry out the following duties and responsibilities.
+Members are added and removed from the team via approved Pull Requests to this
+repository. For additional background into the role of the security team, see
+the [People Infrastructure] section of the LF Decentralized Trust Security Policy.
+
+[People Infrastructure]: https://toc.hyperledger.org/governing-documents/security.html#people-infrastructure
+
+**Responsibilities:**
+
+1. Acknowledge the receipt of vulnerability reports to the reporter within 2
+   business days.
+
+2. Assess the issue. Engage with the reporter to ask any outstanding questions
+about the report and how to reproduce it. If the report was received by email
+and may be a security vulnerability, open a GitHub Security Advisory on the
+repository to manage the report. If the report is not considered a
+vulnerability, then the reporter should be informed and this process can be
+halted. If the report is a regular bug (but not a security vulnerability), the
+reporter should be informed (if necessary) of the regular process for reporting
+issues.
+
+1. Some issues may require more time and resources to correct. If a particular
+report is complex, discuss an embargo period with the reporter during which
+time the report will not be publicly disclosed. The embargo period should be
+negotiated with the reporter and must not be longer than 90 days.
+
+1. If necessary, create a private patch development infrastructure for the issue
+   by emailing the [security@lists.lfdecentralizedtrust.org].
+
+[security@lists.lfdecentralizedtrust.org]: mailto:security@lists.lfdecentralizedtrust.org
+
+1. Request a CVE for the issue (see the [CNA/CVE Reporting](#cnacve-reporting)
+   section).
+
+2. Decide a date for the public release of the vulnerability report, the date
+   the embargo period ends.
+
+3. If applicable, notify members of the embargo list of the vulnerability,
+upcoming patch and release, as described above.
+
+1. Publish a new (software) release in which the vulnerability is addressed.
+
+2. Publicly disclose the issue within 48 hours after the release via a
+GitHub security advisory (see the [(GitHub) Security
+Advisories](#github-security-advisories) section for details).
+
+## Discussion Forums
+
+Discussions about each reported vulnerability should be carried out in the
+private GitHub security advisory about the vulnerability. If necessary, a private
+channel specific to the issue may be created on the Hyperledger Discord server
+with invited participants added to the discussion.
+
+## Report Intakes
+
+AnonCreds has the following ways to submit security
+vulnerabilities. While the security team members will do their best to
+respond to bugs disclosed in all possible ways, it is encouraged for bug
+finders to report through the following approved channels:
+
+- Email the [security@lists.lfdecentralizedtrust.org]: To report a security issue, please
+send an email with the name of the project/repository, a description of the issue, the
+steps you took to create the issue, affected versions, and if known,
+mitigations. If in triaging the email, the security team determines the issue may be
+a security vulnerability, a [GitHub security vulnerability report] will be
+opened.
+- Open a [GitHub security vulnerability report]: Open a draft security advisory
+on the "Security" tab of this GitHub repository. See [GitHub Security
+Advisories](#github-security-advisories) to learn more about the security
+infrastructure in GitHub.
+
+[GitHub security vulnerability report]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
+
+## CNA/CVE Reporting
+
+AnonCreds maintains a list of **Common Vulnerabilities and Exposures
+(CVE)** and uses GitHub as its **CVE numbering authority (CNA)** for issuing
+CVEs.
+
+## Embargo List
+
+AnonCreds does **NOT** currently maintain a private embargo list.
+
+If you wish to be added to the embargo list, please email the [security@lists.lfdecentralizedtrust.org] mailing list,
+including the project name (AnonCreds) and reason for being added
+to the embargo list. Requests will be assessed by the AnonCreds
+security team in conjunction with the appropriate LF Decentralized Trust Staff, and a
+decision will be made to accommodate or not the request.
+
+For more information about embargo lists, please see the [Embargo List section
+of the Hyperledger Security
+Policy](https://toc.hyperledger.org/governing-documents/security.html#embargo-list).
+
+## (GitHub) Security Advisories
+
+AnonCreds uses GitHub Security Advisories to manage the public
+disclosure of security vulnerabilities.
+
+## Private Patch Deployment Infrastructure
+
+In creating patches and new releases that address security vulnerabilities,
+the AnonCreds Project **MAY** use the private development features of GitHub for
+security vulnerabilities. GitHub has [extensive
+documentation](https://docs.github.com/en/code-security/security-advisories/repository-security-advisories)
+about these features.

wrappers/python/README.md

@@ -10,10 +10,10 @@ The initial implementation of `anoncreds` / `indy-shared-rs` was developed by th
 
 ## Contributing
 
-Pull requests are welcome! Please read our [contributions guide](https://github.com/hyperledger/anoncreds-rs/blob/main/CONTRIBUTING.md) and submit your PRs. We enforce [developer certificate of origin](https://developercertificate.org/) (DCO) commit signing. See guidance [here](https://github.com/apps/dco).
+Pull requests are welcome! Please read our [contributions guide](https://github.com/anoncreds/anoncreds-rs/blob/main/CONTRIBUTING.md) and submit your PRs. We enforce [developer certificate of origin](https://developercertificate.org/) (DCO) commit signing. See guidance [here](https://github.com/apps/dco).
 
 We also welcome issues submitted about problems you encounter in using `anoncreds`.
 
 ## License
 
-[Apache License Version 2.0](https://github.com/hyperledger/anoncreds-rs/blob/main/LICENSE)
+[Apache License Version 2.0](https://github.com/anoncreds/anoncreds-rs/blob/main/LICENSE)

wrappers/python/setup.py

@@ -19,7 +19,7 @@
         author_email="anoncreds@lists.hyperledger.org",
         long_description=long_description,
         long_description_content_type="text/markdown",
-        url="https://github.com/hyperledger/anoncreds-rs",
+        url="https://github.com/anoncreds/anoncreds-rs",
         packages=find_packages(),
         include_package_data=True,
         package_data={