Add missing legal documentation

77a47cc4 · André Gomes · e38fb36d · 77a47cc4 · 77a47cc4 · 77a47cc4
Commit 77a47cc4 authored 3 months ago by André Gomes
--- a/NOTICE.md
+++ b/NOTICE.md
+<!--
+ * Copyright (c) 2025 The Eclipse Foundation
+ * 
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ * 
+ * SPDX-FileType: DOCUMENTATION
+ * SPDX-FileCopyrightText: 2025 The Eclipse Foundation
+ * SPDX-License-Identifier: EPL-2.0
+-->
+
+# Notices for Eclipse Dash
+
+This content is produced and maintained by the Eclipse Dash project.
+
+* Project home: https://projects.eclipse.org/projects/technology.dash
+
+## Trademarks
+
+Eclipse Dash is a trademark of the Eclipse Foundation.
+
+## Copyright
+
+All content is the property of the respective authors or their employers. For
+more information regarding authorship of content, please consult the listed
+source code repository logs.
+
+## Declared Project Licenses
+
+This program and the accompanying materials are made available under the terms
+of the Eclipse Public License v. 2.0 which is available at
+https://www.eclipse.org/legal/epl-2.0.
+
+SPDX-License-Identifier: EPL-2.0
+
+## Source Code
+
+The project maintains the following source code repositories:
+
+* https://github.com/eclipse-dash/.github
+* https://github.com/eclipse-dash/dash-licenses
+* https://github.com/eclipse-dash/nodejs-wrapper
+* https://github.com/eclipse-dash/quevee
+* https://gitlab.eclipse.org/eclipse/technology/dash/dash.git
+* https://gitlab.eclipse.org/eclipse/technology/dash/eclipse-api-for-java.git
+* https://gitlab.eclipse.org/eclipse/technology/dash/eclipse-project-code.git
+* https://gitlab.eclipse.org/eclipse/technology/dash/ip-analysis.git
+* https://gitlab.eclipse.org/eclipse/technology/dash/license-tool/nodejs-wrapper.git
+* https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook.git
+
+## Cryptography
+
+Content may contain encryption software. The country in which you are currently
+may have restrictions on the import, possession, and use, and/or re-export to
+another country, of encryption software. BEFORE using any encryption software,
+please check the country's laws, regulations and policies concerning the import,
+possession, or use, and re-export of encryption software, to see if this is
+permitted.
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -71,8 +71,17 @@ path = "CHANGELOG.md"
 SPDX-FileCopyrightText = "2025 The Eclipse Foundation"
 SPDX-License-Identifier = "EPL-2.0"

-
 [[annotations]]
 path = "CONTRIBUTING.md"
 SPDX-FileCopyrightText = "2025 The Eclipse Foundation"
 SPDX-License-Identifier = "EPL-2.0"
+
+[[annotations]]
+path = "NOTICE.md"
+SPDX-FileCopyrightText = "2025 The Eclipse Foundation"
+SPDX-License-Identifier = "EPL-2.0"
+
+[[annotations]]
+path = "SECURITY.md"
+SPDX-FileCopyrightText = "2025 The Eclipse Foundation"
+SPDX-License-Identifier = "EPL-2.0"
--- a/SECURITY.md
+++ b/SECURITY.md
+<!--
+ * Copyright (c) 2025 The Eclipse Foundation
+ * 
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ * 
+ * SPDX-FileType: DOCUMENTATION
+ * SPDX-FileCopyrightText: 2025 The Eclipse Foundation
+ * SPDX-License-Identifier: EPL-2.0
+-->
+
+# Security Policy
+
+This Eclipse Foundation Project adheres to the [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/).
+
+## How To Report a Vulnerability
+
+If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public issues, discussions, or change requests.**
+
+Instead, report it using one of the following ways:
+
+* Contact the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org) via email
+* Create a [confidential issue](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability) in the Eclipse Foundation Vulnerability Reporting Tracker
+
+You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/).
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
+* Affected version(s)
+* Impact of the issue, including how an attacker might exploit the issue
+* Step-by-step instructions to reproduce the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Full paths of source file(s) related to the manifestation of the issue
+* Configuration required to reproduce the issue
+* Log files that are related to this issue (if possible)
+* Proof-of-concept or exploit code (if possible)
+
+This information will help us triage your report more quickly.
+
+## Supported Versions
+
+<!--
+    Which releases of the project's software are actively maintained and receive security updates?
+-->
+Supported versions are:
+
+* main branch