Open-source NomadPosting with AGPL governance#1
Merged
Conversation
Signed-off-by: s00ly <s00ly@users.noreply.github.com>
Signed-off-by: s00ly <s00ly@users.noreply.github.com>
Signed-off-by: s00ly <s00ly@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Scope
This pull request makes NomadPosting legally open source and adds the repository controls needed to accept contributions responsibly. It does not enable live posting or claim production readiness.
Decisions
AGPL-3.0-or-later).What changed
LICENSE, DCO 1.1, contribution terms, governance, maintainer, conduct, and name/provenance policies.CODEOWNERS, issue forms, and a stronger pull-request template.Local verification
scripts/check-dco-tests.sh: signed author and co-author cases passed; unsigned author, unsigned co-author, unsigned post-adoption, and empty-range cases failed as required.aef6a31..543d916: DCO adoption detected ataecbbe9; all three post-adoption commits passed.go mod verify,go test -count=3 ./..., andgo vet ./...passed all 10 packages.gofmt, dependency-license policy, Linux amd64 CGO-disabled cross-builds, and high-signal literal-secret scan passed.govulncheck v1.6.0found no reachable symbol- or package-level vulnerability; the existing unreachable module advisory remains documented indocs/VERIFICATION.md.CI evidence
Current head:
543d916cf3593c5898a97cb7bc9b520b52613cb9.signoff: passed.verify: passed.verify: passed.The prior head failed before assertions because the Windows-authored checker lacked an executable bit on Ubuntu. Commit
543d916fixed the root cause by invoking the checker through Bash and recording both DCO scripts as executable; all replacement runs are green.Production boundary
This remains a dry-run research preview. Live release is still blocked on the reviewed Linux namespace/WireGuard/nftables/DNS executor and teardown; packet-capture no-fallback proofs across every fault phase; broker-backed pinned transports; concrete NIP-46 identity, permission, and Schnorr verification; OS-backed secret sealing; same-exit X reconciliation and length conformance; remaining metadata-index encryption; live relay review; provisioned and validated infrastructure; full accessibility and visual regression; canary evidence; and three clean production adversarial rounds.