contributorcovenant / beacon
A code of conduct reporting and management system created by Coraline Ada Ehmke, the author of the Contributor Covenant.
License: Apache License 2.0
All contributions, including pull requests, issues, and comments, are governed by our code of conduct.
We need to track a given account's reputation.
Create a reputation system for accounts. Reputation is influenced by:
Disable all access to pages using a before action in application controller?
Project owners will want to see aggregate statistics on issue satisfaction for their projects.
Display aggregate satisfaction ratings from reporters and respondents on the moderator's project dashboard.
Email is currently sent synchronously, as part of the request-response cycle.
Move email delivery to a background job.
Links within the footer don't have enough contrast, per WCAG 2.1 AA guidelines. This was determined using Axe and can be verified using any color contrast checking tool, such as the WebAIM color contrast checker.
Footer links have a contrast of 3.23 currently. The expected contrast ratio for text of this size is 4.5.
The colors of these elements should be updated to have more contrast. Alternatively, a bolder font or larger font size could be used, but I'd recommend updating the colors themselves. This is a necessary accessibility improvement for people with disabilities (such as color blindness and low-vision).
The watermark service is using an md5 hash of the viewing user's email address.
An attacker who saw an image with the watermark could calculate what the watermark would look like for a list of known email addresses, thus revealing the target user's email address when there is a match (e.g. a rainbow table for md5).
The list of target users is potentially quite small (participants of a project). It could be done in a reasonable time even on larger projects.
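The attack described in this issue, and the keyed alternative, as an added example in Ruby (Beacon is a Rails app); this is not the project's own watermark code. The candidate email list is constructed, and the server-side secret key and its storage are assumptions.

```ruby
require "digest"
require "openssl"

# Constructed candidate list: the participants of a project, which an attacker can
# often enumerate from the project's public contributor list.
CANDIDATE_EMAILS = %w[alice@example.org bob@example.org carol@example.org].freeze

# The scheme the issue describes: watermark = unkeyed MD5 of the viewer's email.
# Anyone can recompute it for any guessed email, so a candidate list breaks it.
def md5_watermark(email)
  Digest::MD5.hexdigest(email.strip.downcase)
end

# Keyed replacement: HMAC-SHA256 under a secret the server never publishes
# (assumed to live in the app's credentials, not the database). Without the key
# the watermark cannot be recomputed, so the candidate list is useless.
def keyed_watermark(email, key)
  OpenSSL::HMAC.hexdigest("SHA256", key, email.strip.downcase)
end

# Dictionary attack: recompute the watermark for each candidate and report the match.
# The same routine is what the server itself runs (with the key) to identify a leaker.
def recover_email(observed, candidates)
  candidates.find { |email| yield(email) == observed }
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32)
  leaked = md5_watermark("bob@example.org")
  found = recover_email(leaked, CANDIDATE_EMAILS) { |e| md5_watermark(e) }
  puts "md5 watermark #{leaked} -> #{found}"           # bob@example.org: deanonymised

  mark = keyed_watermark("bob@example.org", key)
  attacker = recover_email(mark, CANDIDATE_EMAILS) { |e| keyed_watermark(e, "guessed key") }
  server   = recover_email(mark, CANDIDATE_EMAILS) { |e| keyed_watermark(e, key) }
  puts "keyed watermark, attacker without key -> #{attacker.inspect}"   # nil
  puts "keyed watermark, server with key -> #{server}"                  # bob@example.org
end
```

An HMAC is still deterministic per email, so two leaked images from the same viewer can be linked to each other; if that matters, store a random per-view watermark id server-side and look it up instead.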
Some organizations may have a lot of projects in their GitLab portfolio, and adding them one at a time is not an optimal workflow.
Organization owners should be able to authenticate with GitLab and import their public projects, applying org-scoped preset configurations.
Should imported projects require approval by Beacon admins?
Directory should be searchable, and have alphabetic pagination.
Hello! I am very intrigued by this (in progress) software. Is there anything that you can share with me about the software to-be?
Need to brainstorm the onboarding flow for events, and pricing model for large events.
Security is paramount.
Have an expert perform a security audit of Beacon.
Beacon may need to comply with GDPR requirements.
Someone with knowledge of GDPR requirements should audit Beacon and determine what would need to be done to comply with requests for personal information reporting or deletion.
Bad actors might create projects in Beacon that they do not actually own.
Require placing a token in a designated place based on the URL of the project. The presence of this file and its contents will be verified before a project can be made public.
The token and its instructions are already present in project setup; what's missing is the verification step. Note that if the project's URL changes, Beacon will invalidate the token check.
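One way to implement the missing verification step, as an added Ruby example that is not Beacon's own code. The server secret, the file location (`.well-known/beacon-verification`), the allowed hosts and the injected `fetch` callable are all assumptions; the token is bound to the canonical project URL, which is what makes a URL change invalidate the check.

```ruby
require "openssl"
require "uri"

# Assumed values (not from the project): a server-side secret, the path at which the
# owner must publish the token, and the only hosts Beacon will ever fetch from
# (fetching arbitrary user-supplied URLs would otherwise be an SSRF vector).
SERVER_SECRET = "constructed-demo-secret".freeze
TOKEN_PATH    = ".well-known/beacon-verification".freeze
ALLOWED_HOSTS = %w[github.com gitlab.com].freeze

# Canonical form of the project URL. The token is an HMAC over this string, so a
# renamed or moved project yields a different expected token and the old file fails.
def canonical_url(project_url)
  uri = URI(project_url).normalize
  unless uri.scheme == "https" && ALLOWED_HOSTS.include?(uri.host)
    raise ArgumentError, "unsupported project host: #{uri.host.inspect}"
  end
  "#{uri.scheme}://#{uri.host}#{uri.path.chomp('/')}"
end

def ownership_token(project_url, secret = SERVER_SECRET)
  "beacon-verify-" + OpenSSL::HMAC.hexdigest("SHA256", secret, canonical_url(project_url))
end

def token_location(project_url)
  "#{canonical_url(project_url)}/#{TOKEN_PATH}"
end

# Constant-time equality so the comparison leaks nothing about the expected token.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# `fetch` is a callable returning the body at a URL, or nil when the file is absent.
# It is injected so this runs offline and so the caller controls the HTTP client.
def verify_ownership(project_url, fetch)
  body = fetch.call(token_location(project_url))
  return false if body.nil?
  secure_equal?(body.strip, ownership_token(project_url))
rescue ArgumentError, URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  url = "https://github.com/example-org/example-repo"
  # Constructed stand-in for the remote repository: path => file contents.
  repo = { token_location(url) => ownership_token(url) + "\n" }
  fetch = ->(u) { repo[u] }
  puts "owner published token:   #{verify_ownership(url, fetch)}"
  puts "project moved elsewhere: #{verify_ownership('https://github.com/other/example-repo', fetch)}"
end
```

Run the check only when the project is about to be made public and again periodically; a passed check is evidence of control at that moment, not a permanent credential.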
Links within the navigation don't have enough contrast, per WCAG 2.1 AA guidelines. This was determined using Axe and can be verified using any color contrast checking tool, such as the WebAIM color contrast checker.
Navigation links have a contrast of 3.33 currently. The expected contrast ratio for text of this size is 4.5.
The colors of these elements should be updated to have more contrast. Alternatively, a bolder font or larger font size could be used, but I'd recommend updating the colors themselves. This is a necessary accessibility improvement for people with disabilities (such as color blindness and low-vision).
Users may want to contact Beacon administrators.
There should be a general-purpose 'Contact' form linked from the navigation bar.
The text on the form should make it clear that this form is not for reporting abuse, and provide instructions on how to report abuse.
It also needs a reCaptcha.
Especially when an issue is related to an event, moderators may want to be notified immediately of an issue being opened.
Allow moderators to sign up for SMS notifications on newly opened issues.
Bad actors might create projects with abusive names or descriptions.
Email admins when a new project is created, or when a project's name changes. The subject line should contain the project name, and the body of the email should display the project description and provide a link to the project in the admin interface.
Note that email notifications are not required for projects with an associated organization.
Moderators may want to prevent low-reputation accounts from opening issues.
Give moderators a control to prevent low-reputation accounts from opening issues.
Prerequisite: #55
Orange links on blue (for example, on the project directory page ) don't have enough contrast, per WCAG 2.1 AA guidelines. This was determined using Axe and can be verified using any color contrast checking tool, such as the WebAIM color contrast checker.
These links have a contrast of 1.98 currently. The expected contrast ratio for text of this size is 4.5.
The colors of these elements should be updated to have more contrast. Alternatively, a bolder font or larger font size could be used, but I'd recommend updating the colors themselves. This is a necessary accessibility improvement for people with disabilities (such as color blindness and low-vision).
An instance of this color combo used on the Project Directory page:
Moderators need a way to establish a consensus plan for moving an issue to 'resolved' or 'dismissed'.
Allow org- or project-level consensus plans. Options may include:
Based on user activity stats, alert admins if someone is doing something strange (an action made too many times within a timeframe?)
To secure Beacon against attacks from users trying to anonymize their activities, add environment variable configurations to prevent logins from Tor exit nodes and/or users behind a proxy.
https://security.stackexchange.com/questions/38498/detecting-tor-proxy-by-reading-request-headers
Check for header: https://en.wikipedia.org/wiki/X-Forwarded-For
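An added Ruby example (not Beacon's code) of reading X-Forwarded-For for this purpose. The proxy ranges and the exit-node list are constructed stand-ins for what the issue proposes to load from environment variables. The header is client-supplied text, so the only entries that can be trusted are the ones appended by proxies you operate; the example therefore walks the chain from the right, starting at the TCP peer.

```ruby
require "ipaddr"

# Constructed stand-ins (not the project's config): our own reverse proxies, and the
# exit-node list the issue proposes to configure (in practice fetched from a Tor bulk
# exit list and refreshed on a schedule).
TRUSTED_PROXIES = ["10.0.0.0/8"].map { |c| IPAddr.new(c) }.freeze
BLOCKED_EXITS   = ["203.0.113.0/24", "198.51.100.7"].map { |c| IPAddr.new(c) }.freeze

def parse_ip(str)
  IPAddr.new(str.to_s.strip)
rescue IPAddr::InvalidAddressError, IPAddr::AddressFamilyError
  nil
end

def trusted_proxy?(ip)
  !ip.nil? && TRUSTED_PROXIES.any? { |net| net.include?(ip) }
end

# Resolve the real client: start from the TCP peer (REMOTE_ADDR) and step leftwards
# through X-Forwarded-For only while the current hop is one of our own proxies.
# Anything further left was written by the client and is ignored.
def client_ip(remote_addr, xff_header)
  hops = xff_header.to_s.split(",").map { |h| parse_ip(h) }
  current = parse_ip(remote_addr)
  while trusted_proxy?(current) && !hops.empty?
    current = hops.pop
  end
  current
end

def blocked?(remote_addr, xff_header)
  ip = client_ip(remote_addr, xff_header)
  return true if ip.nil?                   # unparsable value from a trusted hop: fail closed
  BLOCKED_EXITS.any? { |net| net.include?(ip) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed requests: [REMOTE_ADDR, X-Forwarded-For]
  [
    ["198.51.100.7", "192.0.2.1"],                # direct exit-node client spoofing a clean XFF
    ["10.0.0.5",     "203.0.113.9"],              # exit node behind our proxy
    ["10.0.0.5",     "203.0.113.9, 192.0.2.1"],   # clean client prepending a fake exit entry
    ["192.0.2.1",    nil],                        # ordinary direct client
  ].each { |peer, xff| puts "#{peer} / #{xff.inspect} -> blocked? #{blocked?(peer, xff)}" }
end
```

Note that a left-to-right reading of the header would get the first and third cases wrong: it would trust the spoofed entry in the first and block the clean client in the third.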
To help stem abuse, make 2fa a thing on all sign-ins.
To prevent malicious actors from creating fake projects, projects should be reviewed and approved by a Beacon administrator prior to appearing in the public directory.
Some projects have multiple moderators.
A mechanism by which someone can invite another user to join the project's moderation team.
Invitations will be emailed. Invitees may or may not already have an account. Need limits on how many invitations can be sent per project per day to prevent spamming?
Some users (especially at events) may be accessing Beacon using a mobile device.
Ensure that the interface is optimized for mobile use.
Moderators may have a problem with spammy or abusive issues and need a way to manage this.
Allow moderators to report a reporter as abusive or spammy, and notify Beacon administrators so that they can take action against the bad-faith reporter.
Project moderators should be able to create a template to use when contacting respondents for the first time.
From the moderator's project page, link to a form for creating a respondent contact template. Then, when the moderator uses the form to contact a respondent for the first time, populate the text area with the template.
Bad actors may create a number of projects.
From the admin > accounts page, see a list of all projects associated with an account (the account is a moderator). Create a button to flag all of this account's projects at once.
Depends on #135
Rather than using token files in a repo, project owners should be able to verify ownership via their GitHub or GitLab credentials.
Heading levels h1, h3, and h4 are skipped on the project directory page. The headings on the project cards use h5 tags. Also, there is no h1 present on the page.
h5 titles on the page should be changed to h2 headings. The h2 heading should be changed to h1.
Heading levels should only increase by one on a page, with no heading levels skipped. This is an important accessibility fix for people who use screen readers. Learn more here.
Currently SMS notifications to project moderators are done as part of the request/response cycle when an issue is opened. This can cause delays and errors.
Set up a background job for SMS notifications.
We need to have a way to create organizations that have many projects and many moderators.
Beacon should be accessible to all users, regardless of physical capability or limitations.
An accessibility specialist should review Beacon, and make recommendations or changes to make it fully accessible.
Orange buttons throughout the site don't have enough contrast, per WCAG 2.1 AA guidelines. This was determined using Axe and can be verified using any color contrast checking tool, such as the WebAIM color contrast checker.
The white text against orange has a contrast ratio of 3.4 currently. The expected contrast ratio for text of this size is 4.5.
The colors of these elements should be updated to have more contrast. Alternatively, a bolder font or larger font size could be used, but I'd recommend updating the colors themselves. This is a necessary accessibility improvement for people with disabilities (such as color blindness and low-vision).
This applies everywhere that orange buttons are used with white text, for example:
Visible in account admin: overall dashboard + drill down into a user's activities.
Without me knowing, my computer was making DNS queries to all the servers belonging to email addresses that were validated.
FactoryBot.create(:kate)
I expect requests to be made to known servers with a good reputation.
I initially saw this because it took ~10s to create an account, while investigating a build failure on account creation.
Maybe this could be enabled in test / production; also the valid_email2 README recommends stubbing the MX record calls in the test env: https://github.com/micke/valid_email2#test-environment
Relations between issues, reporters, and projects are encrypted using a central encryption key. It is a good practice to periodically rotate this encryption key.
Create a rake task that accepts a new and old encryption key, decrypts IDs using the old key, and re-encrypts using the new key.
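The re-encryption the task would perform, as an added Ruby example using only the OpenSSL standard library; it is not Beacon's code and does not know which encryptor Beacon actually uses. AES-256-GCM, the `iv || ciphertext || tag` layout, and the constructed rows standing in for ActiveRecord records are assumptions. The interesting part is the edge case: the task must be safe to re-run after a partial failure, so a value already under the new key is left alone, and a value under neither key halts the task rather than being silently overwritten.

```ruby
require "openssl"

CIPHER  = "aes-256-gcm".freeze
IV_LEN  = 12
TAG_LEN = 16

# Encrypt one identifier under a 32-byte key; output is base64(iv || ciphertext || tag).
# Identifiers must be non-empty (OpenSSL::Cipher#update rejects empty input).
def encrypt_id(plain_id, key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = key
  iv = cipher.random_iv                        # fresh 12-byte nonce for every value
  cipher.auth_data = ""
  ciphertext = cipher.update(plain_id.to_s) + cipher.final
  [iv + ciphertext + cipher.auth_tag(TAG_LEN)].pack("m0")
end

# Decrypt and verify; raises OpenSSL::Cipher::CipherError on a wrong key or tampering.
def decrypt_id(blob, key)
  raw = blob.unpack1("m0")
  raise OpenSSL::Cipher::CipherError, "blob too short" if raw.bytesize <= IV_LEN + TAG_LEN
  iv, ciphertext, tag = raw[0, IV_LEN], raw[IV_LEN...-TAG_LEN], raw[-TAG_LEN, TAG_LEN]
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final
end

# Re-encrypt one stored value from old_key to new_key. Idempotent: a value that already
# decrypts under new_key is returned unchanged; a value under neither key raises.
def rotate_blob(blob, old_key, new_key)
  encrypt_id(decrypt_id(blob, old_key), new_key)
rescue OpenSSL::Cipher::CipherError
  decrypt_id(blob, new_key)   # re-raises if the value is under neither key
  blob
end

# What the rake task body would do per table: rows are constructed hashes here.
def rotate_all(rows, old_key, new_key, field: :reporter_id)
  rows.map { |row| row.merge(field => rotate_blob(row[field], old_key, new_key)) }
end

if __FILE__ == $PROGRAM_NAME
  old_key = OpenSSL::Random.random_bytes(32)
  new_key = OpenSSL::Random.random_bytes(32)
  rows = [{ id: 1, reporter_id: encrypt_id("42", old_key) },
          { id: 2, reporter_id: encrypt_id("7", old_key) }]
  rotated = rotate_all(rows, old_key, new_key)
  puts rotated.map { |r| decrypt_id(r[:reporter_id], new_key) }.inspect   # ["42", "7"]
  puts(rotate_all(rotated, old_key, new_key) == rotated)                   # true: re-run is a no-op
end
```

In the real task, run the update inside a transaction per batch and only retire the old key from the environment after every table has been rotated and spot-checked with the new key alone.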
Reporters may want to exclude certain moderators from acting on their issue, for example if the issue is about that moderator's behavior or if there is a potential conflict of interest.
For projects with moderators displayed, add an option to exclude a moderator on the issue creation form.
Project maintainers already have the ability to block a reporter, but they should also be able to report someone for abusive behavior to the Beacon administrators.
Add a link from the reporter and respondent pages (which can be accessed from the issue show page) to report an account for abuse.
Reporters want to be assured that their issue has been reported to project moderators.
Allow moderators to create an auto-responder email. Provide guidance related to sharing estimated turnaround time. Note that the auto-responder should be available at the org or project level, and Beacon should provide a default that can be customized by moderation teams.
To prevent spammy or otherwise malicious reporting of issues, moderators may want to require 3rd party verification of reporter accounts.
Add an option to project and organization setup for requiring 3rd party account verification. Determine if the reporter can open an issue based on this aspect of their account.
Heading levels h2 through h4 are skipped on the homepage. The headings on the homepage cards use h5 tags.
h5 titles on the homepage should be changed to h2 headings.
Heading levels should only increase by one on a page, with no heading levels skipped. This is an important accessibility fix for people who use screen readers. Learn more here.
People browsing the project directory should be able to see a rollup of statistics related to a given project.
Health report showing average time to respond, and overall satisfaction rating across various criteria (#57)
Dependent on #57
The reports should reflect a rolling 3-month activity to prevent abuse.
Some organizations may have a lot of projects in their GitHub portfolio, and adding them one at a time is not an optimal workflow.
Organization owners should be able to authenticate with GitHub or GitLab and import a selection of their public projects, applying org-scoped preset configurations.
Should imported projects require approval by Beacon admins?