Add SECURITY.md, rename README.md, and fix stale repo URLs #242
Merged
garyo merged 2 commits on Jun 15, 2026
Signed-off-by: Gary Oberbrunner <[email protected]>
Pull request overview
This PR updates repository documentation and project metadata to address ASWF project health report findings by adding a security policy, standardizing README casing for GitHub, and refreshing stale repository/branch URLs throughout docs.
Changes:
- Added a root `SECURITY.md` describing vulnerability reporting, supported versions, and the host/plug-in trust boundary.
- Renamed/standardized `README.md` casing and adjusted references to match.
- Replaced stale `ofxa/openfx` and `master`-branch links with `AcademySoftwareFoundation/openfx` and `main` across markdown, HTML, and Sphinx `.rst` docs.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| STANDARD_PROCESS.md | Updates the “Standard Change Proposal” issue-template link to the current GitHub org/repo. |
| SECURITY.md | Introduces a security policy and reporting process at the repo root. |
| scripts/build-cmake.sh | Updates error text to reference README.md (matching renamed file casing). |
| release-notes.md | Updates programming guide link to the current repo/branch. |
| README.md | Fixes stale links and ensures README is properly surfaced by GitHub via correct casing. |
| Documentation/sourceforge/index.html | Updates the repository link to the current GitHub org/repo and uses https. |
| CONTRIBUTING.md | Fixes stale issue tracker URLs, mailing list address, and adds a working SECURITY.md link. |
| Documentation/sources/Reference/suites/ofxDrawSuiteReference.rst | Updates header-source link from master to main. |
| Documentation/sources/Reference/ofxThreadSafety.rst | Updates header-source link to current org/repo/branch. |
| Documentation/sources/Reference/ofxStructure.rst | Updates header-source links to current org/repo/branch. |
| Documentation/sources/Reference/ofxStatusCodes.rst | Updates header-source link to current org/repo/branch. |
| Documentation/sources/Reference/ofxParameter.rst | Updates header-source link from master to main. |
| Documentation/sources/Reference/ofxImageEffectAPI.rst | Updates multiple header-source links and org/repo references. |
| Documentation/sources/Reference/ofxImageEffectActions.rst | Updates header-source links from master to main. |
| Documentation/sources/Reference/ofxImageClip.rst | Updates header-source link to current org/repo/branch. |
| Documentation/sources/Reference/ofxCoreAPI.rst | Updates header-source links from master to main. |
| Documentation/sources/Guide/ofxExamples.rst | Updates repo link to current GitHub org/repo. |
| Documentation/sources/Guide/ofxExample1_Basics.rst | Updates example source links from master to main. |
| Documentation/sources/Guide/ofxExample2_Invert.rst | Updates example source link from master to main. |
| Documentation/sources/Guide/ofxExample3_Gain.rst | Updates example source link from master to main. |
| Documentation/sources/Guide/ofxExample4_Saturation.rst | Updates example source link from master to main. |
Signed-off-by: Gary Oberbrunner <[email protected]>
lgritz approved these changes on Jun 14, 2026
LGTM
I like the clear SECURITY guide, good discussion about the boundaries.
Addresses the OpenFX findings from the ASWF project health report.
Changes
SECURITY.md (new) — adds a security policy at the repo root: vulnerability reporting via GitHub private security advisories, a 5-business-day acknowledgment SLA, a supported-versions table, and an OpenFX-specific security model section (the host/plug-in trust boundary — plug-ins are native code loaded into the host process).
README — renamed `readme.md` → `README.md` so GitHub surfaces it automatically. This also repairs the already-uppercase references in `conanfile.py` and `pyproject.toml`, and the casing reference in `scripts/build-cmake.sh`.
CONTRIBUTING.md
- `github.com/ofxa/openfx` → `github.com/AcademySoftwareFoundation/openfx`.
- `[email protected]` → `[email protected]`.
- `[SECURITY.md]` reference to a working link now that the file exists.
Repo-wide URL cleanup — replaced all remaining stale `ofxa/openfx` references and updated repo-relative links from the old `master` branch to `main` across `README.md`, `STANDARD_PROCESS.md`, `release-notes.md`, `Documentation/sourceforge/index.html`, and the `Documentation/sources/**/*.rst` files (also upgraded one `http://` link to `https://`).
After this change there are zero remaining `ofxa/openfx` references and zero `openfx/{blob,tree,raw}/master` links in the tree.
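The closing claim of the description (zero `ofxa/openfx` references and zero `openfx/{blob,tree,raw}/master` links) can be enforced with a repeatable check. The script below is an added example, not part of this PR or the OpenFX repository; the function names, the script name in the usage comment, and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: fail a CI job when stale repository references reappear.
# The two patterns come from the PR description; the function names and the
# sample tree are constructed for illustration.

# Old org/repo slug, and links pinned to the old default branch.
STALE_PATTERN='ofxa/openfx|openfx/(blob|tree|raw)/master'

# Print each stale reference under DIR as file:line:text, skipping .git
# metadata and binary files.
find_stale_refs() {
    grep -rnEI --exclude-dir=.git -e "$STALE_PATTERN" -- "$1" || true
}

# Print the number of stale references under DIR.
count_stale_refs() {
    find_stale_refs "$1" | wc -l | tr -d ' '
}

# Return 0 when DIR is clean; otherwise list the hits on stderr and return 1.
check_tree() {
    stale_hits=$(find_stale_refs "$1")
    if [ -n "$stale_hits" ]; then
        printf 'stale repository references:\n%s\n' "$stale_hits" >&2
        return 1
    fi
}

# Constructed sample tree: two stale links, one current link, and a .git
# file that must be ignored. Prints the directory path.
make_sample_tree() {
    sample_dir=$(mktemp -d)
    mkdir -p "$sample_dir/docs" "$sample_dir/.git"
    printf 'Issues: https://github.com/ofxa/openfx/issues\n' \
        > "$sample_dir/CONTRIBUTING.md"
    printf 'https://github.com/AcademySoftwareFoundation/openfx/blob/master/README.md\n' \
        > "$sample_dir/docs/a.rst"
    printf 'https://github.com/AcademySoftwareFoundation/openfx/blob/main/README.md\n' \
        > "$sample_dir/docs/b.rst"
    printf 'url = https://github.com/ofxa/openfx\n' > "$sample_dir/.git/config"
    echo "$sample_dir"
}

# Usage (hypothetical script name): ./check-stale-refs.sh <repo-root>
# With no argument the file only defines the functions.
[ "$#" -eq 0 ] || check_tree "$1"
```

Run against a checkout root, it exits non-zero and lists every offending `file:line` so the job log shows exactly which link regressed.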