Merge pull request github#528 from github/acceptable-use-community-gu…

…idelines-updates Acceptable Use Policies and Community Guidelines updates
Addymae1010 · Mar 14, 2022 · 24710f9 · 24710f9
2 parents 6dd4371 + abd48ea
commit 24710f9
Show file tree

Hide file tree

Showing 11 changed files with 259 additions and 108 deletions.
diff --git a/Policies/github-acceptable-use-policies.md b/Policies/github-acceptable-use-policies.md
@@ -9,66 +9,69 @@ topics:
   - Legal
 ---
 
-**Short version:** _We host a wide variety of collaborative projects from all over the world, and that collaboration only works when our users are able to work together in good faith. While using the Service, you must comply with our Acceptable Use Policies, which include some restrictions on content you can post, conduct on the service, and other limitations. In short, be excellent to each other._
+**Short version:** _We host a wide variety of collaborative projects from all over the world, and that collaboration only works when our users are able to work together in good faith. While using the Service, you must comply with our Acceptable Use Policies, which include some restrictions on content and conduct on GitHub related to user safety, intellectual property, privacy, authenticity, and other limitations. In short, be excellent to each other._
 
 Capitalized terms used but not defined in these Acceptable Use Policies have the meanings assigned to them in our [Terms of Service](/articles/github-terms-of-service), [Corporate Terms of Service](/articles/github-corporate-terms-of-service), and [Privacy Statement](/articles/github-privacy-statement). For customers subject to the [Corporate Terms of Service](/articles/github-corporate-terms-of-service), "you" and "your" refer to "Customer" or "Users". "We", "us", "our" refer to "GitHub".
 
 ## 1. Compliance with Laws and Regulations
 You are responsible for using the Service in compliance with all applicable laws, regulations, and all of our Acceptable Use Policies. These policies may be updated from time to time and are provided below, as well as in our [Terms of Service](/articles/github-terms-of-service) and [Corporate Terms of Service](/articles/github-corporate-terms-of-service).
 
-## 2. Content Restrictions
-Under no circumstances will Users upload, post, host, execute, or transmit any Content that:
+## 2. User Safety
+We do not allow content or activity on GitHub that:
 
 - is unlawful or promotes unlawful activities;
 
-- is or contains [sexually obscene content](/github/site-policy/github-community-guidelines#sexually-obscene-content);
+- is [sexually obscene](/github/site-policy/github-sexually-obscene-content) or relates to sexual exploitation or abuse, including of minors;
 
 - is libelous, defamatory, or fraudulent;
 
-- is [discriminatory or abusive](/github/site-policy/github-community-guidelines#hate-speech-and-discrimination) toward any individual or group;
+- is [discriminatory or abusive](/github/site-policy/github-hate-speech-and-discrimination) toward any individual or group;
 
-- [gratuitously depicts or glorifies violence](/github/site-policy/github-community-guidelines#gratuitously-violent-content), including violent images;
+- is [false, inaccurate, or intentionally deceptive information](/github/site-policy/github-misinformation-and-disinformation) and likely to adversely affect the public interest (including health, safety, election integrity, and civic participation);
 
-- is or contains [false, inaccurate, or intentionally deceptive information](/github/site-policy/github-community-guidelines#misinformation-and-disinformation) that is likely to adversely affect the public interest (including health, safety, election integrity, and civic participation);
+- [harasses or abuses](/github/site-policy/github-bullying-and-harassment) another individual or group, including our employees, officers, and agents, or other users;
 
-- directly supports [unlawful active attack or malware campaigns](/github/site-policy/github-community-guidelines#active-malware-or-exploits) that are causing technical harms — such as using our platform to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers — with no implicit or explicit dual-use purpose prior to the abuse occurring; or
+- [threatens or incites violence](/github/site-policy/github-threats-of-violence-and-gratuitously-violent-content) toward any individual or group, especially on the basis of who they are; 
 
-- shares unauthorized product licensing keys, software for generating unauthorized product licensing keys, or software for bypassing checks for product licensing keys, including extension of a free license beyond its trial period; or
+- [gratuitously depicts or glorifies violence](/github/site-policy/github-threats-of-violence-and-gratuitously-violent-content), including violent images; or
 
-- infringes any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other right.
+- is off-topic, or interacts with platform features in a way that significantly or repeatedly [disrupts the experience of other users](/github/site-policy/github-disrupting-the-experience-of-other-users).
 
-Please see our [Community Guidelines](/github/site-policy/github-community-guidelines#what-is-not-allowed) for more details.
 
-## 3. Conduct Restrictions
-While using the Service, under no circumstances will you:
+## 3. Intellectual Property, Authenticity, and Private Information
+We do not allow content or activity on GitHub that:
 
-- [harass, abuse](/github/site-policy/github-community-guidelines#bullying-and-harassment), [threaten, or incite violence](/github/site-policy/github-community-guidelines#threats-of-violence) towards any individual or group, including our employees, officers, and agents, or other users;
+- infringes any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other right;
 
-- post off-topic content, or interact with platform features, in a way that significantly or repeatedly [disrupts the experience of other users](/github/site-policy/github-community-guidelines#disrupting-the-experience-of-other-users);
+- unlawfully shares unauthorized product licensing keys, software for generating unauthorized product licensing keys, or software for bypassing checks for product licensing keys, including extension of a free license beyond its trial period;
 
-- use our servers for any form of [excessive automated bulk activity](/github/site-policy/github-acceptable-use-policies#4-spam-and-inauthentic-activity-on-github) (for example, spamming or cryptocurrency mining), to place undue burden on our servers through automated means, or to relay any form of unsolicited advertising or solicitation through our servers, such as get-rich-quick schemes;
+- [impersonates any person or entity](/github/site-policy/github-impersonation), including any of our employees or representatives, including through false association with GitHub, or by fraudulently misrepresenting your identity or site's purpose; or
 
-- use our servers to disrupt or to attempt to disrupt, or to gain or to attempt to gain unauthorized access to, any service, device, data, account or network (unless authorized by the [GitHub Bug Bounty program](https://bounty.github.com));
-
-- [impersonate any person or entity](/github/site-policy/github-community-guidelines#impersonation), including any of our employees or representatives, including through false association with GitHub, or by fraudulently misrepresenting your identity or site's purpose; or
-
-- [violate the privacy of any third party](/github/site-policy/github-community-guidelines#doxxing-and-invasion-of-privacy), such as by posting another person's personal information without consent.
-
-Please see our [Community Guidelines](/github/site-policy/github-community-guidelines#what-is-not-allowed) for more details.
+- [violates the privacy of any third party](/github/site-policy/github-doxxing-and-invasion-of-privacy), such as by posting another person's personal information without consent.
 
 ## 4. Spam and Inauthentic Activity on GitHub
-Automated excessive bulk activity and coordinated inauthentic activity, such as spamming, are prohibited on GitHub. Prohibited activities include:
-* bulk distribution of promotions and advertising prohibited by GitHub terms and policies
-* inauthentic interactions, such as fake accounts and automated inauthentic activity
-* rank abuse, such as automated starring or following
-* creation of or participation in secondary markets for the purpose of the proliferation of inauthentic activity
-* using GitHub as a platform for propagating abuse on other platforms
-* phishing or attempted phishing
-
-## 5. Services Usage Limits
+We do not allow content or activity on GitHub that is:
+- automated excessive bulk activity and coordinated inauthentic activity, such as 
+   * spamming 
+   * cryptocurrency mining;
+* bulk distribution of promotions and advertising prohibited by GitHub terms and policies;
+* inauthentic interactions, such as fake accounts and automated inauthentic activity;
+* rank abuse, such as automated starring or following;
+* creation of or participation in secondary markets for the purpose of the proliferation of inauthentic activity;
+* using GitHub as a platform for propagating abuse on other platforms;
+* phishing or attempted phishing; or
+* using our servers for any form of excessive automated bulk activity, to place undue burden on our servers through automated means, or to relay any form of unsolicited advertising or solicitation through our servers, such as get-rich-quick schemes.
+
+## 5. Site Access and Safety
+We do not allow content or activity on GitHub that:
+
+- directly supports [unlawful active attack or malware campaigns](/github/site-policy/github-active-malware-or-exploits) that are causing technical harms — such as using our platform to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers — with no implicit or explicit dual-use purpose prior to the abuse occurring; or
+- uses our servers to disrupt or to attempt to disrupt, or to gain or to attempt to gain unauthorized access to, any service, device, data, account or network. Please note, activities permitted under bug bounty programs, such as the [GitHub Bug Bounty program](https://bounty.github.com), are not considered “unauthorized.”
+
+## 6. Services Usage Limits
 You will not reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service without our express written permission.
 
-## 6. Information Usage Restrictions
+## 7. Information Usage Restrictions
 You may use information from our Service for the following reasons, regardless of whether the information was scraped, collected through our API, or obtained otherwise:
 
 -  Researchers may use public, non-personal information from the Service for research purposes, only if any publications resulting from that research are [open access](https://en.wikipedia.org/wiki/Open_access).
@@ -80,24 +83,28 @@ You may not use information from the Service (whether scraped, collected through
 
 Your use of information from the Service must comply with the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement).
 
-## 7. Privacy
+## 8. Privacy
 Misuse of User Personal Information is prohibited.
 
 Any person, entity, or service collecting data from the Service must comply with the [GitHub Privacy Statement](/articles/github-privacy-statement), particularly in regards to the collection of User Personal Information. If you collect any User Personal Information from the Service, you agree that you will only use that User Personal Information for the purpose for which that User has authorized it. You agree that you will reasonably secure any User Personal Information you have gathered from the Service, and you will respond promptly to complaints, removal requests, and "do not contact" requests from us or other users.
 
-## 8. Excessive Bandwidth Use
+## 9. Excessive Bandwidth Use
 The Service's bandwidth limitations vary based on the features you use. If we determine your bandwidth usage to be significantly excessive in relation to other users of similar features, we reserve the right to suspend your Account, throttle your file hosting, or otherwise limit your activity until you can reduce your bandwidth consumption. We also reserve the right—after providing advance notice—to delete repositories that we determine to be placing undue strain on our infrastructure. For guidance on acceptable use of object storage in repositories, refer to "[What is my disk quota?](/github/managing-large-files/what-is-my-disk-quota)". For more details on specific features' bandwidth limitations, see the [GitHub Additional Product Terms](/github/site-policy/github-additional-product-terms).
 
-## 9. Advertising on GitHub
+## 10. Advertising on GitHub
 **Short version:** *We do not generally prohibit use of GitHub for advertising. However, we expect our users to follow certain limitations, so GitHub does not become a spam haven. No one wants that.*
 
 While we understand that you may want to promote your Content by posting supporters' names or logos in your Account, the primary focus of the Content posted in or through your Account to the Service should not be advertising or promotional marketing. This includes Content posted in or through Pages, Packages, repositories, and all other parts of the Service. You may include static images, links, and promotional text in the README documents or project description sections associated with your Account, but they must be related to the project you are hosting on GitHub. You may not advertise in other Users' Accounts, such as by posting monetized or excessive bulk content in issues.
 
-You may not promote or distribute content or activity that is illegal or otherwise prohibited by our [Terms of Service](/github/site-policy/github-terms-of-service/), [Community Guidelines](/github/site-policy/github-community-guidelines/), or [Acceptable Use Policy](/github/site-policy/github-acceptable-use-policies/), including excessive automated bulk activity (for example, spamming), get-rich-quick schemes, and misrepresentation or deception related to your promotion.
+You may not promote or distribute content or activity that is illegal or otherwise prohibited by our [Terms of Service](/github/site-policy/github-terms-of-service/)or [Acceptable Use Policies](/github/site-policy/github-acceptable-use-policies/), including excessive automated bulk activity (for example, spamming), get-rich-quick schemes, and misrepresentation or deception related to your promotion.
 
 If you decide to post any promotional materials in your Account, you are solely responsible for complying with all applicable laws and regulations, including without limitation the U.S. Federal Trade Commission's Guidelines on Endorsements and Testimonials. We reserve the right to remove any promotional materials or advertisements that, in our sole discretion, violate any GitHub terms or policies.
 
-GitHub reserves the right to remove any Content in violation of this policy.
+## 11. User Protection
+You must not engage in activity that significantly harms other users.   
+
+We will interpret our policies and resolve disputes in favor of protecting users as a whole.
+
+---
 
-## 10. User Protection
-You must not engage in activity that significantly harms other users. We will resolve disputes in favor of protecting users as a whole.
+GitHub retains full discretion to [take action](/github/site-policy/github-community-guidelines#what-happens-if-someone-violates-githubs-policies) in response to a violation of these policies, including account suspension, account [termination](/github/site-policy/github-terms-of-service#3-github-may-terminate), or [removal](/github/site-policy/github-terms-of-service#2-github-may-remove-content) of content.
diff --git a/Policies/github-active-malware-or-exploits.md b/Policies/github-active-malware-or-exploits.md
@@ -0,0 +1,23 @@
+---
+title: GitHub Active Malware or Exploits
+versions:
+  fpt: '*'
+topics:
+  - Policy
+  - Legal
+---
+
+Being part of a community includes not taking advantage of other members of the community. We do not allow anyone to use our platform in direct support of unlawful attacks that cause technical harms, such as using GitHub as a means to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers. Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose prior to the abuse occurring.
+
+  Note that GitHub allows dual-use content and supports the posting of content that is used for research into vulnerabilities, malware, or exploits, as the publication and distribution of such content has educational value and provides a net benefit to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem. 
+
+  In rare cases of very widespread abuse of dual-use content, we may restrict access to that specific instance of the content to disrupt an ongoing unlawful attack or malware campaign that is leveraging the GitHub platform as an exploit or malware CDN. In most of these instances, restriction takes the form of putting the content behind authentication, but may, as an option of last resort, involve disabling access or full removal where this is not possible (e.g. when posted as a gist). We will also contact the project owners about restrictions put in place where possible. 
+
+  Restrictions are temporary where feasible, and do not serve the purpose of purging or restricting any specific dual-use content, or copies of that content, from the platform in perpetuity. While we aim to make these rare cases of restriction a collaborative process with project owners, if you do feel your content was unduly restricted, we have an [appeals process](/github/site-policy/github-community-guidelines#appeal-and-reinstatement) in place.
+
+  To facilitate a path to abuse resolution with project maintainers themselves, prior to escalation to GitHub abuse reports, we recommend, but do not require, that repository owners take the following steps when posting potentially harmful security research content:
+
+* Clearly identify and describe any potentially harmful content in a disclaimer in the project’s README.md file or source code comments.
+* Provide a preferred contact method for any 3rd party abuse inquiries through a SECURITY.md file in the repository (e.g. "Please create an issue on this repository for any questions or concerns"). Such a contact method allows 3rd parties to reach out to project maintainers directly and potentially resolve concerns without the need to file abuse reports.
+
+*GitHub considers the npm registry to be a platform used primarily for installation and run-time use of code, and not for research.*
diff --git a/Policies/github-bullying-and-harassment.md b/Policies/github-bullying-and-harassment.md
@@ -0,0 +1,19 @@
+---
+title: GitHub Bullying and Harassment
+versions:
+  fpt: '*'
+topics:
+  - Policy
+  - Legal
+---
+
+We do not tolerate harassment, bullying, or abuse of any kind, whether directly or by encouraging others to take part in the prohibited conduct. This includes:
+
+- Targeted personal attacks
+- Piling on to or orchestrating [disruptive](/github/site-policy/github-disrupting-the-experience-of-other-users) activity in a way that amounts to abuse
+- Following another user around the platform in a manner that causes intimidation
+- Making sexual advances or comments directed at another individual
+- Disingenuously participating in conversation in a way that instigates conflict or undermines sincere discussion
+- Creating alternative accounts specifically to evade moderation action taken by GitHub staff or users
+
+Please note, not all unwelcome conduct is necessarily considered harassment. For example, disagreeing with another user or downvoting their comments may not rise to the level of harassment on our platform. In addition, sharing criticism of public figures or projects, or topics of public interest, does not necessarily fall under this policy. However, we encourage you to be mindful in how you engage with other users and the platform, as this activity may still violate our restriction on disrupting the experience of other users.