replace governance documents with links to the cert-manager community…

… documents

Signed-off-by: Tim Ramlot <[email protected]>

CODE_OF_CONDUCT.md

@@ -1,46 +1,3 @@
-# Contributor Covenant Code of Conduct
+# Code of Conduct
 
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+Please refer to the [cert-manager organisation Code of Conduct](https://github.com/cert-manager/community/blob/main/CODE_OF_CONDUCT.md).

GOVERNANCE.md

@@ -0,0 +1,3 @@
+# Project Governance
+
+Please refer to the [cert-manager organisation governance file](https://github.com/cert-manager/community/blob/main/GOVERNANCE.md).

SECURITY.md

@@ -1,72 +1,3 @@
-# Vulnerability Reporting Process
+# Security
 
-Security is the number one priority for cert-manager. If you think you've found a
-security vulnerability in a cert-manager project, you're in the right place.
-
-Our reporting procedure is a work-in-progress, and will evolve over time. We
-welcome advice, feedback and pull requests for improving our security
-reporting processes.
-
-## Covered Repositories and Issues
-
-When we say "a security vulnerability in cert-manager" we mean a security issue
-in any repository under the [cert-manger GitHub organization](https://github.com/cert-manager/).
-
-This reporting process is intended only for security issues in the cert-manager
-project itself, and doesn't apply to applications _using_ cert-manager or to
-issues which do not affect security.
-
-Broadly speaking, if the issue cannot be fixed by a change to one of the covered
-repositories above, then it might not be appropriate to use this reporting
-mechanism and a GitHub issue in the appropriate repo or a question in Slack
-might be a better choice.
-
-All that said, **if you're unsure** please reach out using this process before
-raising your issue through another channel. We'd rather err on the side of
-caution!
-
-### Explicitly Not Covered: Vulnerability Scanner Reports
-
-We do not accept reports which amount to copy and pasted output from a vulnerability
-scanning tool **unless** work has specifically been done to confirm that a vulnerability
-reported by the tool _actually exists_ in cert-manager or a cert-manager subproject.
-
-We make use of these tools ourselves and try to act on the output they produce; they
-can be useful! We tend to find, however, that when these reports are sent to our security
-mailing list they almost always represent false positives, since these tools tend to check
-for the presence of a library without considering how the library is used in context.
-
-If we receive a report which seems to simply be a vulnerability list from a scanner we
-reserve the right to ignore it.
-
-This applies especially when tools produce vulnerability identifiers which are not publicly
-visible or which are proprietary in some way. We can look up CVEs or other publicly-available
-identifiers for further details, but cannot do the same for proprietary identifiers.
-
-## Security Contacts
-
-The people who should have access to read your security report are listed in
-[`SECURITY_CONTACTS.md`](./SECURITY_CONTACTS.md)
-
-## Reporting Process
-
-1. Describe the issue in English, ideally with some example configuration or
-   code which allows the issue to be reproduced. Explain why you believe this
-   to be a security issue in cert-manager, if that's not obvious.
-2. Put that information into an email. Use a descriptive title.
-3. Send the email to [`[email protected]`](mailto:[email protected])
-
-## Response
-
-Response times could be affected by weekends, holidays, breaks or time zone
-differences. That said, the security response team will endeavour to reply as
-soon as possible, ideally within 3 working days.
-
-If the team concludes that the reported issue is indeed a security
-vulnerability in a cert-manager project, at least two members of the security
-response team will discuss the next steps together as soon as possible, ideally
-within 24 hours.
-
-As soon as the team decides that the report is of a genuine vulnerability,
-one of the team will respond to the reporter acknowledging the issue and
-establishing a disclosure timeline, which should be as soon as possible.
+Please refer to the [cert-manager organisation security document](https://github.com/cert-manager/community/blob/main/SECURITY.md).

SECURITY_CONTACTS.md

@@ -1,17 +1,3 @@
-# Security Contacts
+# Security contacts
 
-This file lists people who (should) have access to read security reports
-made via the cert-manager vulnerability reporting process.
-
-If you think you've found a security issue in cert-manager, don't reach
-out to any of these people individually - follow the details in
-SECURITY.md and report your vulnerability via e-mail.
-
-- [irbekrm](https://github.com/irbekrm)
-- [SgtCoDFish](https://github.com/SgtCoDFish)
-- [jakexks](https://github.com/jakexks)
-- [JoshVanL](https://github.com/JoshVanL)
-- [maelvls](https://github.com/maelvls)
-- [wallrj](https://github.com/wallrj)
-- [munnerz](https://github.com/munnerz)
-- [inteon](https://github.com/inteon)
+Please refer to the [cert-manager organisation security contacts](https://github.com/cert-manager/community/blob/main/SECURITY_CONTACTS.md).

USERS.md

@@ -1,32 +1,3 @@
-# cert-manager Users
+# Users
 
-We love hearing about it when people use and enjoy cert-manager!
-
-## Organization Users
-
-Please feel free to send PRs to add your org to the list, or to reach out to a maintainer with your details; they'll gladly add you!
-We'd love for you to share your cert-manager story with the world!
-
-| Organization | Usage | Links |
-| :----------: | :---: | :---: |
-| [<img src="https://static.atomist.com/logo/atomist-color-lockup-horiz-small.png" alt="Atomist" width="100"> ](https://atomist.com/) | Securing ingresses | [Kubernetes, ingress-nginx, cert-manager &amp; external-dns](https://blog.atomist.com/kubernetes-ingress-nginx-cert-manager-external-dns/) |
-| [<img src="https://raw.githubusercontent.com/cert-manager/website/50afb0436bc0e72d7d27cc4b1c0195d029a9704b/assets/icons/jetstack.svg" alt="Jetstack text" width="100"> ](https://jetstack.io) | Securing MySQL inside Kubernetes | [Blog](https://blog.jetstack.io/blog/securing-mysql-with-cert-manager/)  |
-| [<img src="https://media.jfrog.com/wp-content/uploads/2017/12/20133032/Jfrog-Logo.svg" alt="JFrog" width="100"> ](https://jfrog.com/) | Securing ingresses |  |
-| [<img src="https://www.urssaf.org/files/Logos/urssaf/logo.svg" width="100" alt="Urssaf Caisse nationale"> ](https://urssaf.org) | Securing ingresses | |
-| [<img src="https://avatars.githubusercontent.com/u/24900634?s=200&v=4" alt="Azusa Pacific University Logo" width="100"> ](https://www.apu.edu) | Securing Ingresses | [@azusapacificuniversity](https://github.com/azusapacificuniversity) [www.apu.edu](https://www.apu.edu) |
-| [<img src="https://www.diagrid.io/_next/static/media/logo.181bad37.svg" width="100" alt="Diagrid"> ](https://diagrid.io) | Securing ingresses and internal workloads | [@diagridio](https://github.com/diagridio) [Blog](https://www.diagrid.io/blog) |
-| [<img src="https://raw.githubusercontent.com/kubernetes-sigs/cluster-api/main/logos/kubernetes-cluster-logos_final-02.svg" alt="Cluster API" width="100"> ](https://cluster-api.sigs.k8s.io/) | Securing webhooks | [The Cluster API Book](https://cluster-api.sigs.k8s.io/) |
-| [<img src="https://cloudogu.com/images/logo.png" alt="Cloudogu Logo" width="100"> ](https://cloudogu.com) | Securing Ingresses | [@cloudogu](https://github.com/cloudogu) [Blog](https://platform.cloudogu.com/en/blog/) |
-| [<img src="https://raw.githubusercontent.com/metal3-io/metal3-docs/main/images/metal3.svg" alt="Metal³" width="100"> ](https://metal3.io/) | Securing webhooks and internal workloads | [metal3.io](https://metal3.io/) |
-| [<img src="https://senselabs.de/img/logo.svg" alt="SenseLabs" width="100">](https://senselabs.de) | Generating certificates and securing Ingresses | [SenseLabs](https://senselabs.de) |
-
-## Individuals
-
-As an open source project we welcome all kinds of users; please feel free to raise a PR to add yourself to the list.
-Plus, if you've written something about cert-manager throw in a link too for others to enjoy!
-
-| Name | GitHub | Usage | Links |
-| :--: | :----: | :---: | :---: |
-| Maartje Eyskens | [@meyskens](https://github.com/meyskens)     | Securing ingresses |  |
-| Noah Kantrowitz | [@coderanger](https://github.com/coderanger) | Many things!       | [Lessons Learned From Two Years Of Kubernetes](https://coderanger.net/lessons-learned/) |
-| Dipto Chakrabarty | [@DiptoChakrabarty](https://github.com/DiptoChakrabarty) | Securing Ingress | [Cert Manager in Kubernetes with external DNS provider](https://diptochakrabarty.medium.com/cert-manager-in-kubernetes-with-external-dns-provider-64ae5d7f577b) |
+Please refer to the [cert-manager organisation users list](https://github.com/cert-manager/community/blob/main/USERS.md).