Project policies
The GitHub policy files remain canonical because GitHub and external contributors expect them at stable repository paths. The docs site summarizes and links them instead of duplicating their full text.
| Policy | Canonical source | Drift-prevention decision |
|---|---|---|
| Contributing | .github/CONTRIBUTING.md | Canonical GitHub contributor onboarding. Docs-site developer pages link here and only summarize workflow-specific details. |
| Security policy | .github/SECURITY.md | Canonical private vulnerability reporting policy. Operator/security pages link here for disclosure details. |
| Trademarks | .github/TRADEMARKS.md | Canonical trademark and brand-use guidance. README attribution continues to link here. |
| Code of conduct | .github/CODE_OF_CONDUCT.md | Canonical community behavior policy for GitHub. |
Security policy
Ferrex vulnerabilities should be reported privately through GitHub Security Advisories when available or through the maintainer’s GitHub profile. Do not open public issues for vulnerabilities.
Contribution workflow
Use the canonical Contributing guide for local setup, hooks, checks, and pull-request expectations. Detailed workflow pages in this docs site point back to that file when GitHub-facing contribution policy is the source of truth.