A requirement to complete onboarding to Commonhaus is resolving violations of CH requirements in Elytron's GitHub repositories. Below I list all the things that need correcting, as extracted from a report created using CH's policy-panda tool (https://github.com/commonhaus/foundation/blob/main/templates/panda/README.md).

A possibility to address many of these in a simple way is to add a .github repository to the wildfly-security org and include a GOVERNANCE.md, CODE_OF_CONDUCT.md and CONTRIBUTING.md in it. That assumes the same content is applicable to all repos, which I expect to be the case, except perhaps for CONTRIBUTING.md.

I would like the GOVERNANCE one to be addressed by a simple file that links to https://github.com/wildfly/wildfly-governance/blob/main/wildfly-as/GOVERNANCE.md. The 'wildfly' GH org uses https://github.com/wildfly/.github/blob/main/GOVERNANCE.md

Re the 'Developer Certificate of Origin - File does not exist' ones, each repo must have a dco.txt file. Let me know and I can try using a jbang script I wrote to send PRs to each repo to add it.

All CONTRIBUTING.md files should have a section that deals with legal stuff. I recommend largely copying the 'Legal' section from https://github.com/commonhaus/foundation/blob/main/CONTRIBUTING.md. That is what I'm doing in 'wildfly' and 'wildfly-extras` repos. You should of course edit that to reflect the license that is used instead of MIT.

Note that if you go with the approach of putting just one CONTRIBUTING.md in a .github repo a link to dco.txt I believe will point to the one in that repo. If you don't like that it's fine to not make that a hyperlink.

Policy Compliance Report for wildfly-security

Generated on: 2026-02-01T20:53:39.937624

wildfly-security/wildfly-elytron

❌ Governance - File does not exist
❌ Developer Certificate of Origin - File does not exist
❌ DCO Reference - DCO mentioned in CONTRIBUTING

wildfly-security/jboss-negotiation

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Contributing - File does not exist
❌ Developer Certificate of Origin - File does not exist

wildfly-security/elytron-web

❌ Governance - File does not exist
❌ Developer Certificate of Origin - File does not exist
❌ DCO Reference - DCO mentioned in CONTRIBUTING

wildfly-security/wildfly-openssl

❌ Governance - File does not exist
❌ Developer Certificate of Origin - File does not exist
❌ DCO Reference - DCO mentioned in CONTRIBUTING

wildfly-security/elytron-web-jetty

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Contributing - File does not exist
❌ Developer Certificate of Origin - File does not exist
⚠️ License - File does not exist

wildfly-security/elytron-web-netty

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Contributing - File does not exist
❌ Developer Certificate of Origin - File does not exist
⚠️ License - File does not exist

wildfly-security/wildfly-elytron-ee

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Contributing - File does not exist
❌ Developer Certificate of Origin - File does not exist

wildfly-security/wildfly-elytron-mp

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Developer Certificate of Origin - File does not exist
❌ DCO Reference - DCO mentioned in CONTRIBUTING

wildfly-security/soteria

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Developer Certificate of Origin - File does not exist
❌ DCO Reference - DCO mentioned in CONTRIBUTING

wildfly-security/wildfly-openssl-natives

❌ Governance - File does not exist
❌ Developer Certificate of Origin - File does not exist
❌ DCO Reference - DCO mentioned in CONTRIBUTING

wildfly-security/team-planning

❌ Governance - File does not exist
❌ Code of Conduct - File does not exist
❌ Contributing - File does not exist
❌ Developer Certificate of Origin - File does not exist
⚠️ License - File does not exist