From 4fedcc7e5018fd637d2b69a2f38db19646894074 Mon Sep 17 00:00:00 2001 From: Jon McLaren Date: Sun, 5 May 2019 13:37:30 -0500 Subject: [PATCH 1/3] remove same great hair bit --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 9e226cf..37d2183 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,7 @@ # HubSpot-Developer-Extension [![Codacy Badge](https://api.codacy.com/project/badge/Grade/d6a1c1d220ea4ca79299b432ca44a9d8)](https://www.codacy.com/app/jonmclaren1/HubSpot-Developer-Extension?utm_source=github.com&utm_medium=referral&utm_content=williamspiro/HubSpot-Developer-Extension&utm_campaign=Badge_Grade) -![Hair perfection](https://avatars1.githubusercontent.com/u/5492388?s=400&v=4) -# New Ownership. Same great hair! -The ownership change of the repo, doesn't really affect much, just detaches Will's face and username from showing up when people link the repo. While we haven't seen anyone actually confused over the extension being community driven and not an official HubSpot product. We thought we're hitting a point in popularity that being more obvious with this is probably a good idea. Nothing significant is changing because of this, I had been kinda leading the charge on the extension since it hit the chrome web store. Will still has contributor status, and can make updates. This chrome extension retains it's mission of improving HubSpot's developer experience from the outside. A Chrome/Chromium extension for HubSpot Developers that adds useful shortcuts to commonly used HubSpot Query Parameters, and tools for making HubSpot Development easier and more enjoyable. For details on the many features we have a wiki page detailing them:[Feature Breakdown](https://github.com/williamspiro/HubSpot-Developer-Extension/wiki/Feature-Breakdown) From 623179fb8de0df0e0b14f6c44f50a6b008309a9b Mon Sep 17 00:00:00 2001 From: Viktor Brech Date: Tue, 4 Jun 2019 00:26:06 +0200 Subject: [PATCH 2/3] fixing a broken link code of conduct link is 404ing, fixing it --- CONTRIBUTING.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 291f661..62dd7bb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,7 +2,7 @@ * If you would like to contribute through development, you can fork this repo, make your changes and submit a pull request. If you contribute regularly, you can request collaborator access from @wspiro * If you would like to contribute through testing - please [install the beta version of the chrome extension](https://github.com/williamspiro/HubSpot-Developer-Extension/wiki/How-to-use-the-Beta-version-of-the-extension). Then Join the slack channel and provide feedback, let us know if you find a bug or have an idea. * If you would like to contribute through taking screenshots for the web store - make sure you're using the latest version of the stable version of the extension and post issues with your screenshots. You could also be pre-emptive and submit screenshots taken from the beta version, allowing us to have up-to-date screenshots by the time that goes live. -* [Don't be a richard, no one likes a richard, sorry Richard.](https://github.com/williamspiro/HubSpot-Developer-Extension/blob/contributors-update/CODE_OF_CONDUCT.md) +* [Don't be a richard, no one likes a richard, sorry Richard.](https://github.com/TheWebTech/HubSpot-Developer-Extension/blob/master/CODE_OF_CONDUCT.md) ## Making changes to the extension If you would like to make changes, I suggest reviewing the issues, and see if a discussion related to the feature or bug you want to work on exists. There may already be a discussion about the best way to implement something. diff --git a/README.md b/README.md index 37d2183..0b2e07d 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Firefox cannot run the extension. We do however want to support Firefox but need ## How to Contribute: 1. [Read this first!](https://github.com/williamspiro/HubSpot-Developer-Extension/blob/master/CONTRIBUTING.md) -2. [Don't be a richard, no one likes a richard. Sorry Richard.](https://github.com/williamspiro/HubSpot-Developer-Extension/blob/contributors-update/CODE_OF_CONDUCT.md) +2. [Don't be a richard, no one likes a richard. Sorry Richard.](https://github.com/TheWebTech/HubSpot-Developer-Extension/blob/master/CODE_OF_CONDUCT.md) 3. [We denote easy/small issues that are good for beginners. but feel free to tackle any you see in issues or add a feature you want](https://github.com/williamspiro/HubSpot-Developer-Extension/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) 4. Speak another language? [help add or improve translations for that language!](https://github.com/williamspiro/HubSpot-Developer-Extension/wiki/How-to-add-support-for-a-new-language-or-improve-existing-translations) 5. Test your own branch or someone elses. [how to test](https://github.com/williamspiro/HubSpot-Developer-Extension/wiki/How-to-test-changes-you've-made-to-the-extension) From 1d9f9a3ce83f28db6ec37494f8a5b11e941a374d Mon Sep 17 00:00:00 2001 From: Jon McLaren Date: Tue, 4 Jun 2019 09:27:09 -0500 Subject: [PATCH 3/3] created security file. --- SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..c619f9c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +We take security very seriously. Since this is a browser extension which has access to the extension API's and because it's a developer focused extension it's extremely important to make sure no confidential/sensitive data ever leaves or is collected by the extension. + +## Supported Versions + +We have 2 versions of the extension that exist in the chrome web store, a beta and a stable build. Any security related issues if present in both will be patched to both. + +## Reporting a Vulnerability + +To report a vulnerability directly contact Jon McLaren OR Submit an email explaining the vulnerability to hubspot-developer-extension@googlegroups.com. This will go to the core group of maintainers. + +This extension is maintained by volunteers - that said response time can vary. We will make every effort to respond quickly. +If the vulnerability is a true vulnerability we will create a hidden branch and discussion thread for resolving this issue, push the update to the chrome web store as soon as possible. + +As this is a volunteer driven project with no finances we're sorry we can't offer any financial reward. We will however give full credit to you for discovering the hole, and you will be allowed to publish details on the exploit. We do ask however that you do not publish prior to the security hole being patched in the chrome web store + 1 day(to give chrome time to push the update). Publishing early will put all of the users at risk. + +If you feel during any step of the way that there is an issue in our process feel free to let Jon McLaren know. We are open to improving it.