From 2fecd1ea644427c7f2a6f3afa78acb5f8952325a Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Wed, 17 Jan 2024 16:52:29 -0500
Subject: [PATCH 1/7] Create SECURITY.md
---
SECURITY.md | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..57be422a4
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,29 @@
+# Security Policy
+
+## Supported Versions
+
+`xclim` is in rapid development and receives regular updates every four to six (4-6) weeks. In the event of a security-related bug discovery soon after the release of an `xclim` version, the last supported version will receive a patch release.
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in `xclim`, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.
+
+Please follow these steps to report a security vulnerability:
+
+1. **Email**: Send an email to [github-support@ouranos.ca](mailto:github-support@ouranos.ca) with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
+
+2. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.
+
+3. **Response**: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.
+
+4. **Fix and Disclosure**: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.
+
+## PGP Encryption Key
+
+You can use the following PGP key to encrypt your communications with us:
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+TODO: Add public key
+
+-----END PGP PUBLIC KEY BLOCK-----
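Review bot: The armor block at the end of the new file contains `TODO: Add public key` instead of key material, while step 2 tells reporters to use "the PGP key found below". Anyone following the policy as committed has nothing to encrypt to, and the block will not import. Either land the key in this same commit or leave out step 2 and the "PGP Encryption Key" section until the key exists.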
From 12bc5c98b9344347e2d394f9ac61c6b39cc40c73 Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Wed, 17 Jan 2024 18:12:26 -0500
Subject: [PATCH 2/7] update email in CODE_OF_CONDUCT.md
---
CODE_OF_CONDUCT.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index 778e6dde5..5233d8519 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -60,7 +60,7 @@ representative at an online or offline event.
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
-support@ouranos.ca.
+[github-support@ouranos.ca](mailto:github-support@ouranos.ca).
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
From fdf17442ec8e741de918513af3a17a68b641a9ac Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Thu, 18 Jan 2024 16:15:14 -0500
Subject: [PATCH 3/7] add public PGP key
---
SECURITY.md | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index 57be422a4..e1ee3cfb7 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -10,7 +10,7 @@ If you believe you have found a security vulnerability in `xclim`, we encourage
Please follow these steps to report a security vulnerability:
-1. **Email**: Send an email to [github-support@ouranos.ca](mailto:github-support@ouranos.ca) with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
+1. **Email**: Email [github-support@ouranos.ca](mailto:github-support@ouranos.ca) with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
2. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.
@@ -24,6 +24,15 @@ You can use the following PGP key to encrypt your communications with us:
-----BEGIN PGP PUBLIC KEY BLOCK-----
-TODO: Add public key
-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+=wuxr
-----END PGP PUBLIC KEY BLOCK-----
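Review bot: The armored key is placed in SECURITY.md as ordinary Markdown paragraph text: `-----BEGIN PGP PUBLIC KEY BLOCK-----` starts at column 0 with no fence and no indent. Markdown renderers join consecutive lines of a paragraph, so a key copied from the rendered page may not import cleanly. Put the whole block in a fenced or four-space-indented code block so the line breaks survive rendering.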
From a1cea00953c3594ab4d23ca97424d63331db4b13 Mon Sep 17 00:00:00 2001
From: Zeitsperre <10819524+Zeitsperre@users.noreply.github.com>
Date: Tue, 23 Jan 2024 10:23:16 -0500
Subject: [PATCH 4/7] update CHANGES.rst
---
CHANGES.rst | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGES.rst b/CHANGES.rst
index 416ae2c8f..b68e341bf 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,6 +10,7 @@ Announcements
^^^^^^^^^^^^^
* `xclim` now adheres to the `Semantic Versioning 2.0.0 `_ specification. (:issue:`1556`, :pull:`1569`).
* The `xclim` repository now uses `GitHub Discussions `_ to offer help for users, coordinate translation efforts, and support general Q&A for the `xclim` community. The `xclim` `Gitter` room has been deprecated in favour of GitHub Discussions. (:issue:`1571`, :pull:`1572`).
+* For secure correspondence, `xclim` now offers a PGP key for users to encrypt sensitive communications. For more information, see the ``SECURITY.md`. (:issue:`1181`, :pull:`1604`).
New features and enhancements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
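Review bot: In the added bullet, ``SECURITY.md` opens with two backticks and closes with one. That is unbalanced reStructuredText inline-literal markup and will render wrongly or produce a docutils warning; close it with two backticks.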
From 0b04a4cb5d594f26b1c38300d6fef7ea8cba5baa Mon Sep 17 00:00:00 2001
From: Zeitsperre <10819524+Zeitsperre@users.noreply.github.com>
Date: Tue, 23 Jan 2024 15:38:22 -0500
Subject: [PATCH 5/7] fix docs typo
---
CHANGES.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index 4ccad83a6..672869384 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -11,7 +11,7 @@ Announcements
* `xclim` now officially supports Python3.12 (requires `numba>=0.59.0`). (:pull:`1613`).
* `xclim` now adheres to the `Semantic Versioning 2.0.0 `_ specification. (:issue:`1556`, :pull:`1569`).
* The `xclim` repository now uses `GitHub Discussions `_ to offer help for users, coordinate translation efforts, and support general Q&A for the `xclim` community. The `xclim` `Gitter` room has been deprecated in favour of GitHub Discussions. (:issue:`1571`, :pull:`1572`).
-* For secure correspondence, `xclim` now offers a PGP key for users to encrypt sensitive communications. For more information, see the ``SECURITY.md`. (:issue:`1181`, :pull:`1604`).
+* For secure correspondence, `xclim` now offers a PGP key for users to encrypt sensitive communications. For more information, see the ``SECURITY.md``. (:issue:`1181`, :pull:`1604`).
New features and enhancements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
From 28a52d3540fcf2304a63f6b83dfdd293452f9a0a Mon Sep 17 00:00:00 2001
From: Zeitsperre <10819524+Zeitsperre@users.noreply.github.com>
Date: Tue, 23 Jan 2024 16:29:34 -0500
Subject: [PATCH 6/7] add security.rst to docs, unblock some URLs
---
.github/workflows/main.yml | 2 ++
SECURITY.md | 2 ++
docs/index.rst | 1 +
docs/security.rst | 46 ++++++++++++++++++++++++++++++++++++++
4 files changed, 51 insertions(+)
create mode 100644 docs/security.rst
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d03342841..5be0702c5 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -84,6 +84,8 @@ jobs:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
+ api.github.com:443
+ dap.service.does.not.exist:443
files.pythonhosted.org:443
github.com:443
pypi.org:443
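Review bot: `dap.service.does.not.exist:443` and `api.github.com:443` are added to `allowed-endpoints` under `egress-policy: block` with nothing in the workflow saying which step contacts them, and the commit subject only says "unblock some URLs". Every entry in an egress allowlist widens what a compromised step can reach, so record the step or tool that needs each host in a YAML comment above the `allowed-endpoints:` key (a comment inside the folded `>` scalar would become part of the value). If `dap.service.does.not.exist` is a placeholder name that a tool probes, say so there; otherwise leave it blocked.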
diff --git a/SECURITY.md b/SECURITY.md
index e1ee3cfb7..19c730c2d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,7 @@
# Security Policy
+[//]: # (ATTENTION: This is the Markdown version of docs/security.rst. Any changes should also be made in the ReStructuredText version.)
+
## Supported Versions
`xclim` is in rapid development and receives regular updates every four to six (4-6) weeks. In the event of a security-related bug discovery soon after the release of an `xclim` version, the last supported version will receive a patch release.
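Review bot: The added `[//]: #` comment makes SECURITY.md and docs/security.rst two hand-synchronised copies of the same policy, PGP key block included, and nothing checks that they stay identical. If the key is rotated in one file only, reporters reading the other copy will encrypt to a stale key. Generate one file from the other at docs build time, or add a CI check that compares the two key blocks.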
diff --git a/docs/index.rst b/docs/index.rst
index ed72572bd..4e7d551d1 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -41,6 +41,7 @@ Leveraging xarray and dask, users can easily bias-adjust climate simulations ove
authors
changes
+ security
references
.. toctree::
diff --git a/docs/security.rst b/docs/security.rst
new file mode 100644
index 000000000..e8511e81e
--- /dev/null
+++ b/docs/security.rst
@@ -0,0 +1,46 @@
+===============
+Security Policy
+===============
+
+..
+ This is the ReStructuredText version of SECURITY.md. Any changes should also be made in the Markdown version.
+
+Supported Versions
+==================
+
+`xclim` is in rapid development and receives regular updates every four to six (4-6) weeks. In the event of a security-related bug discovery soon after the release of an `xclim` version, the last supported version will receive a patch release.
+
+Reporting a Vulnerability
+=========================
+
+If you believe you have found a security vulnerability in `xclim`, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.
+
+Please follow these steps to report a security vulnerability:
+
+#. **Email**: Email `github-support@ouranos.ca `_ with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
+
+#. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.
+
+#. **Response**: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.
+
+#. **Fix and Disclosure**: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.
+
+PGP Encryption Key
+==================
+
+You can use the following PGP key to encrypt your communications with us::
+
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31
+ EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91
+ cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb
+ AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho
+ AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8
+ icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz
+ P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup
+ x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6
+ 2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS
+ kuLGmHpUJ8NVGppU+wo=
+ =wuxr
+ -----END PGP PUBLIC KEY BLOCK-----
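Review bot: The "PGP Encryption Key" section publishes the armored block only, with no fingerprint stated in prose. A reporter has nothing to compare the imported key against, and a key served solely from the repository the report concerns has no independent check. Add the full fingerprint under the heading and publish the same fingerprint through a second channel the project controls.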
From 2aee09b14d855c07f23f80dfc1c6c61d396a37bb Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Thu, 25 Jan 2024 17:50:56 -0500
Subject: [PATCH 7/7] use sphinx-mdinclude to not duplicate SECURITY.md
---
SECURITY.md | 30 ++++++++++++++----------------
docs/conf.py | 4 +++-
docs/security.rst | 47 +----------------------------------------------
environment.yml | 1 +
pyproject.toml | 1 +
5 files changed, 20 insertions(+), 63 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index 19c730c2d..6f1c898b2 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,7 +1,5 @@
# Security Policy
-[//]: # (ATTENTION: This is the Markdown version of docs/security.rst. Any changes should also be made in the ReStructuredText version.)
-
## Supported Versions
`xclim` is in rapid development and receives regular updates every four to six (4-6) weeks. In the event of a security-related bug discovery soon after the release of an `xclim` version, the last supported version will receive a patch release.
@@ -24,17 +22,17 @@ Please follow these steps to report a security vulnerability:
You can use the following PGP key to encrypt your communications with us:
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31
-EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91
-cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb
-AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho
-AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8
-icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz
-P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup
-x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6
-2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS
-kuLGmHpUJ8NVGppU+wo=
-=wuxr
------END PGP PUBLIC KEY BLOCK-----
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31
+ EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91
+ cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb
+ AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho
+ AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8
+ icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz
+ P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup
+ x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6
+ 2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS
+ kuLGmHpUJ8NVGppU+wo=
+ =wuxr
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/docs/conf.py b/docs/conf.py
index 22ef76a68..1ff6daeb0 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -103,6 +103,7 @@
"sphinx_autodoc_typehints",
"sphinx_codeautolink",
"sphinx_copybutton",
+ "sphinx_mdinclude",
"sphinx_rtd_theme",
]
@@ -248,7 +249,7 @@ class XCStyle(AlphaStyle):
# the built documents.
#
# The short X.Y version.
-version = xclim.__version__
+version = xclim.__version__.split("-")[0]
# The full version, including alpha/beta/rc tags.
release = xclim.__version__
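Review bot: `version = xclim.__version__.split("-")[0]` is unrelated to the sphinx-mdinclude change named in the commit subject, and it does not match the comment directly above it. Splitting on "-" removes only a hyphenated suffix and leaves the full X.Y.Z string, not "the short X.Y version". Move the change to its own commit and either update the comment or derive X.Y explicitly.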
@@ -267,6 +268,7 @@ class XCStyle(AlphaStyle):
"Thumbs.db",
".DS_Store",
"notebooks/xclim_training",
+ "paper/paper.md",
"**.ipynb_checkpoints",
]
diff --git a/docs/security.rst b/docs/security.rst
index e8511e81e..f9a521969 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -1,46 +1 @@
-===============
-Security Policy
-===============
-
-..
- This is the ReStructuredText version of SECURITY.md. Any changes should also be made in the Markdown version.
-
-Supported Versions
-==================
-
-`xclim` is in rapid development and receives regular updates every four to six (4-6) weeks. In the event of a security-related bug discovery soon after the release of an `xclim` version, the last supported version will receive a patch release.
-
-Reporting a Vulnerability
-=========================
-
-If you believe you have found a security vulnerability in `xclim`, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.
-
-Please follow these steps to report a security vulnerability:
-
-#. **Email**: Email `github-support@ouranos.ca `_ with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.
-
-#. **Encryption (Optional)**: If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.
-
-#. **Response**: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.
-
-#. **Fix and Disclosure**: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.
-
-PGP Encryption Key
-==================
-
-You can use the following PGP key to encrypt your communications with us::
-
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mDMEZamQrhYJKwYBBAHaRw8BAQdA+saPvmvr1MYe1nQy3n3QDcRE9T7UzTJ1XH31
- EI4Zb6u0Mk91cmFub3MgR2l0SHViIFN1cHBvcnQgPGdpdGh1Yi1zdXBwb3J0QG91
- cmFub3MuY2E+iJkEExYKAEEWIQSeAu+Cbjupx79jy9VeVFD6o5TVcwUCZamQrgIb
- AwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBeVFD6o5TVc4ho
- AQDXjDkx0b3A7yl6PQ4hBJ2uYzw0UWbml7mUwVdhMmdZkQD/VJZQNWrCQeOtYEM8
- icZJYwR/OsKFOWqlDytusGGtjwa4OARlqZCuEgorBgEEAZdVAQUBAQdAa41Zabjz
- P9O+p6tI69Cnft6U5om3+qCcMo8amTqauH0DAQgHiH4EGBYKACYWIQSeAu+Cbjup
- x79jy9VeVFD6o5TVcwUCZamQrgIbDAUJCWYBgAAKCRBeVFD6o5TVcwmaAQClDxW6
- 2gir7lhRXAcO+vmRImpGd29TrkcQVh+ak7VlwQEA706d7Kusiorlf/h8pLSoNMmS
- kuLGmHpUJ8NVGppU+wo=
- =wuxr
- -----END PGP PUBLIC KEY BLOCK-----
+.. mdinclude:: ../SECURITY.md
diff --git a/environment.yml b/environment.yml
index 48f96f614..7eb4742d7 100644
--- a/environment.yml
+++ b/environment.yml
@@ -65,6 +65,7 @@ dependencies:
- sphinx-autodoc-typehints
- sphinx-codeautolink
- sphinx-copybutton
+ - sphinx-mdinclude
- sphinx-rtd-theme >=1.0
- sphinxcontrib-bibtex
- tokenize-rt
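Review bot: `- sphinx-mdinclude` is added here, and in the `dev` extras in pyproject.toml, with no version bound, while the neighbouring `sphinx-rtd-theme >=1.0` carries one. docs/security.rst now renders entirely through this extension, so give it a tested lower bound in both files so that a resolver cannot fall back to an older release with different Markdown handling.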
diff --git a/pyproject.toml b/pyproject.toml
index fe5c6958e..d19cab425 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -98,6 +98,7 @@ dev = [
"sphinx-autodoc-typehints",
"sphinx-codeautolink",
"sphinx-copybutton",
+ "sphinx-mdinclude",
"sphinx-rtd-theme >=1.0",
"sphinxcontrib-bibtex",
"sphinxcontrib-svg2pdfconverter[Cairosvg]"