diff --git a/docs/src/content/docs/registry/policies.md b/docs/src/content/docs/registry/policies.md index 91f8cfd..707d467 100644 --- a/docs/src/content/docs/registry/policies.md +++ b/docs/src/content/docs/registry/policies.md 
@@ -3,64 +3,94 @@ title: Policies description: Policies for the pesde registry --- -If anything is unclear, please [contact us](#contact-us). and we will be happy +The following policies apply to the [official public pesde registry](https://registry.pesde.daimond113.com) +and its related services, such as the index repository or websites. +They may not apply to other registries. By using the pesde registry, you agree +to these policies. + +If anything is unclear, please [contact us](#contact-us), and we will be happy to help. ## Contact Us -You can contact us at [pesde@daimond113.com](malto:pesde@daimond113.com). +You can contact us at [pesde@daimond113.com](mailto:pesde@daimond113.com). In +case of a security issue, please prefix the subject with `[SECURITY]`. ## Permitted content -The pesde registry is a place for Luau packages. Examples of allowed content: +The pesde registry is a place for Luau-related packages. This includes: - Libraries - Frameworks +- Tools -Examples of disallowed content: +The following content is forbidden: -- Malicious code -- Illegal content +- Malicious, vulnerable code +- Illegal, harmful content +- Miscellaneous files (doesn't include configuration files, documentation, etc.) -pesde is not responsible for the content of packages. If you believe a package -is breaking these requirements, please [contact us](#contact-us). +pesde is not responsible for the content of packages, the scope owner is. It +is the responsibility of the scope owner to ensure that the content of their +packages is compliant with the permitted content policy. + +If you believe a package is breaking these requirements, please [contact us](#contact-us). ## Package removal -pesde does not support removing packages from the registry without a reason such -as security or complying with the law in order. In case a secret has been -published to the registry, it must be invalided. If you believe a package should -be removed, please [contact us](#contact-us). 
We will review your request and -take action if necessary. +pesde does not support removing packages for reasons such as abandonment. A +package may only be removed for the following reasons: + +- The package is breaking the permitted content policy +- The package contains security vulnerabilities +- The package must be removed for legal reasons (e.g. DMCA takedown) + +In case a secret has been published to the registry, it must be invalidated. +If you believe a package should be removed, please [contact us](#contact-us). +We will review your request and take action if necessary. If we find that a package is breaking the permitted content policy, we will -remove it from the registry without notice. +exercise our right to remove it from the registry without notice. pesde reserves the right to remove any package from the registry at any time for any or no reason, without notice. ## Package ownership -Packages are owned by scopes. The first person to publish to a scope owns it. If -you want to work as a team, the owner of the scope must send a pull request to -the index repository adding the members' user IDs to the scope's `scope.toml` -file. +Packages are owned by scopes. Scope ownership is determined by the first person +to publish a package to the scope. The owner of the scope may send a pull request +to the index repository adding team members' user IDs to the scope's `scope.toml` +file to give them access to the scope, however at least one package must be +published to the scope before this can be done. The owner may also remove team +members from the scope. + +A scope's true owner's ID must appear first in the `owners` field of the scope's +`scope.toml` file. Ownership may be transferred by the current owner sending a +pull request to the index repository, and the new owner confirming the transfer. + +Only the owner may add or remove team members from the scope. 
+ +pesde reserves the right to override scope ownership in the case of a dispute, +such as if the original owner is unresponsive or multiple parties claim ownership. ## Scope squatting Scope squatting is the act of creating a scope with the intent of preventing -others from using it. Scope squatting is not allowed. If you believe a scope is -being squatted, please [contact us](#contact-us). We will review your request -and take action if necessary. +others from using it, without any intention of using it yourself. This is +forbidden and can result in the removal (release) of the scope and its packages +from the registry without notice. + +If you believe a scope is being squatted, please [contact us](#contact-us). +We will review your request and take action if necessary. ## API Usage -The pesde registry has an API for searching packages, downloading, and -publishing them. Only non-malicious use is permitted. Malicious uses include: +The pesde registry has an API for querying, downloading, and publishing packages. +Only non-malicious use is permitted. Malicious uses include: -- **Service Degradation**: this includes sending the registry an excessive - amount of requests -- **Exploitation**: this includes trying to break security of the registry in - order to gain unauthorized access to resources +- **Service Degradation**: this includes sending an excessive amount of requests + to the registry in order to degrade the service +- **Exploitation**: this includes trying to break the security of the registry + in order to gain unauthorized access - **Harmful content**: this includes publishing harmful (non-law compliant, purposefully insecure) content
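Review bot: In "Permitted content" and "Package removal", the new wording "Malicious, vulnerable code" and "The package contains security vulnerabilities" covers any package with an unintentional bug, while the unchanged "Harmful content" bullet under "API Usage" still limits the rule to "purposefully insecure" content. Pick one standard and use it in all three places, for example "intentionally vulnerable code" in the forbidden list, and say whether a package with an accidental vulnerability gets a chance to publish a fix before removal. Separately, in "Package ownership", "the new owner confirming the transfer" does not say where or how that confirmation is given; since the first entry in `owners` decides control of the scope, state the mechanism (for instance, an approval on the pull request from the account whose ID is being moved to first position). The sentence "Only the owner may add or remove team members from the scope." also repeats what the preceding paragraph already says and could be merged into it.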