diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f4d6bc0ce..723a3dbf0 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -84,6 +84,8 @@ jobs:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
+ api.github.com:443
+ dap.service.does.not.exist:443
files.pythonhosted.org:443
github.com:443
pypi.org:443
diff --git a/CHANGES.rst b/CHANGES.rst
index 4f46a4419..2b22842df 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -11,6 +11,7 @@ Announcements
* `xclim` now officially supports Python3.12 (requires `numba>=0.59.0`). (:pull:`1613`).
* `xclim` now adheres to the `Semantic Versioning 2.0.0 `_ specification. (:issue:`1556`, :pull:`1569`).
* The `xclim` repository now uses `GitHub Discussions `_ to offer help for users, coordinate translation efforts, and support general Q&A for the `xclim` community. The `xclim` `Gitter` room has been deprecated in favour of GitHub Discussions. (:issue:`1571`, :pull:`1572`).
+* For secure correspondence, `xclim` now offers a PGP key for users to encrypt sensitive communications. For more information, see the ``SECURITY.md``. (:issue:`1181`, :pull:`1604`).
New features and enhancements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index 778e6dde5..5233d8519 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -60,7 +60,7 @@ representative at an online or offline event.
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
-support@ouranos.ca.
+[github-support@ouranos.ca](mailto:github-support@ouranos.ca).
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..6f1c898b2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policy
+
+## Supported Versions
+
+`xclim` is in rapid development and receives regular updates every four to six (4-6) weeks. In the event of a security-related bug discovery soon after the release of an `xclim` version, the last supported version will receive a patch release.
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in `xclim`, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.
+
+Please follow these steps to report a security vulnerability:
+
+1. **Email**: Email [github-support@ouranos.ca](mailto:github-support@ouranos.ca) with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
+
+2. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.
+
+3. **Response**: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.
+
+4. **Fix and Disclosure**: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.
+
+## PGP Encryption Key
+
+You can use the following PGP key to encrypt your communications with us:
+
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31
+ EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91
+ cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb
+ AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho
+ AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8
+ icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz
+ P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup
+ x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6
+ 2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS
+ kuLGmHpUJ8NVGppU+wo=
+ =wuxr
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/docs/conf.py b/docs/conf.py
index 22ef76a68..1ff6daeb0 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -103,6 +103,7 @@
"sphinx_autodoc_typehints",
"sphinx_codeautolink",
"sphinx_copybutton",
+ "sphinx_mdinclude",
"sphinx_rtd_theme",
]
@@ -248,7 +249,7 @@ class XCStyle(AlphaStyle):
# the built documents.
#
# The short X.Y version.
-version = xclim.__version__
+version = xclim.__version__.split("-")[0]
# The full version, including alpha/beta/rc tags.
release = xclim.__version__
@@ -267,6 +268,7 @@ class XCStyle(AlphaStyle):
"Thumbs.db",
".DS_Store",
"notebooks/xclim_training",
+ "paper/paper.md",
"**.ipynb_checkpoints",
]
diff --git a/docs/index.rst b/docs/index.rst
index ed72572bd..4e7d551d1 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -41,6 +41,7 @@ Leveraging xarray and dask, users can easily bias-adjust climate simulations ove
authors
changes
+ security
references
.. toctree::
diff --git a/docs/security.rst b/docs/security.rst
new file mode 100644
index 000000000..f9a521969
--- /dev/null
+++ b/docs/security.rst
@@ -0,0 +1 @@
+.. mdinclude:: ../SECURITY.md
diff --git a/environment.yml b/environment.yml
index 48f96f614..7eb4742d7 100644
--- a/environment.yml
+++ b/environment.yml
@@ -65,6 +65,7 @@ dependencies:
- sphinx-autodoc-typehints
- sphinx-codeautolink
- sphinx-copybutton
+ - sphinx-mdinclude
- sphinx-rtd-theme >=1.0
- sphinxcontrib-bibtex
- tokenize-rt
diff --git a/pyproject.toml b/pyproject.toml
index fe5c6958e..d19cab425 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -98,6 +98,7 @@ dev = [
"sphinx-autodoc-typehints",
"sphinx-codeautolink",
"sphinx-copybutton",
+ "sphinx-mdinclude",
"sphinx-rtd-theme >=1.0",
"sphinxcontrib-bibtex",
"sphinxcontrib-svg2pdfconverter[Cairosvg]"