chore(repo): add BACKERS and CONTRIBUTORS rosters; ignore SBOMs#5
Merged
Conversation
The cargo sbom workflow regenerates *.cdx.json files on every CI run. Treating them as source pollutes git history with build output and risks merge conflicts on every release. Ignore them so SBOMs stay where they belong: as workflow artefacts attached to runs and releases. Signed-off-by: MicrosoftWindows96 <spam@zagrosi.com>
Adds two public-facing governance files referenced by the Sponsors
profile, FUNDING.yml, and the future sponsor onboarding flow:
* BACKERS.md groups recurring sponsors by tier (Commercial License
at $500/mo, Operator at $100/mo, Builder at $25/mo, Backer at
$5/mo) plus a one-time sponsor section. Each tier carries a
short, accurate description of what the sponsor receives. Auto
insertion markers are reserved so a future webhook bot can
update entries without touching surrounding prose.
* CONTRIBUTORS.md combines code contributors, founding sponsors,
security researchers, and triage and design reviewers in one
place, with criteria for each category and an opt-out clause
for private contributors.
Two corrections relative to the initial draft:
* Defer the broken Contributor License Agreement reference rather
than link to a missing path. The CLA is a separate legal
artefact and will land in its own change.
* Drop the "(forthcoming)" qualifier from the SECURITY.md mention
since SECURITY.md already exists at the repository root, and
link to it.
Spelling normalised to American "license" to match README, the
LICENSE badge, and SECURITY.md.
Signed-off-by: MicrosoftWindows96 <spam@zagrosi.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
BACKERS.mdlisting recurring and one-time sponsors by tier (Commercial License, Operator, Builder, Backer, One-time), with auto-insertion markers reserved for a future sponsor webhook.CONTRIBUTORS.mdcovering code contributors, founding sponsors, security researchers, and triage/design reviewers, plus an opt-out clause for private contributors.(forthcoming)qualifier from theSECURITY.mdreference, which already exists.README.md, theLICENSEbadge, andSECURITY.md.*.cdx.jsonso CycloneDX SBOMs generated by thecargo sbomworkflow stay as build artefacts rather than tracked source.Test plan
git statusshows no untracked SBOM files after the gitignore rule lands.grep -n "[Ll]icenc" BACKERS.md CONTRIBUTORS.mdreturns no matches (American spelling enforced).grep -n "—" BACKERS.md CONTRIBUTORS.mdreturns no matches (no em-dashes in committed prose).