Make repo documentation structure consistent with other oracle repos

Author: timfel

CONTRIBUTING.md

@@ -0,0 +1,48 @@
+# Contributing to this repository
+
+We welcome your contributions! There are multiple ways to contribute.
+
+## Opening issues
+
+For bugs or enhancement requests, please file a GitHub issue unless it's security related.
+When filing a bug remember that the better written the bug is, the more likely it is to be fixed.
+If you think you've found a security vulnerability, do not raise a GitHub issue and follow the instructions in our [security policy](./SECURITY.md).
+
+## Contributing code
+
+We welcome your code contributions.
+Before submitting code via a pull request, you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and your commits need to include the following line using the name and e-mail address you used to sign the OCA:
+
+```text
+Signed-off-by: Your Name <[email protected]>
+```
+
+This can be automatically added to pull requests by committing with `--sign-off` or `-s`, e.g.
+
+```text
+git commit --signoff
+```
+
+Only pull requests from committers that can be verified as having signed the OCA can be accepted.
+
+To get you started with the technical details, we have [written a bit](docs/contributor/CONTRIBUTING.md) about the structure of this interpreter that should show how to fix things or add features.
+
+## Pull request process
+
+1. Ensure there is an issue created to track and discuss the fix or enhancement you intend to submit.
+2. Fork this repository.
+3. Create a branch in your fork to implement the changes.
+   We recommend using the issue number as part of your branch name, e.g. `GH1234-fixes`.
+4. Ensure that any documentation is updated where it makes sense.
+5. Submit the pull request.
+   Explain what your changes are meant to do and provide simple steps on how to validate your changes.
+   Ensure that you reference the issue you created as well.
+7. We will assign the pull request to at least 1 person for review before it is merged.
+
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule).
+If you'd like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/

LICENSE LICENSE.txt

@@ -1,10 +1,10 @@
-Product License  - GraalVM Community Edition 20.0 Python Language 
+Product License  - GraalVM Community Edition 23.0 Python Language 
 Component
 
 This is a release of GraalVM Community Edition 20.0 Python Language Component. 
 This particular copy of the software is released under Universal Permissive 
 License (UPL) v. 1.0.
-Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved
+Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved
 
 ===========================================================================
            Universal Permissive License v. 1.0.

README.md

@@ -1,4 +1,4 @@
-# GraalVM Implementation of Python
+# GraalPy, the GraalVM Implementation of Python
 
 This is GraalPy, an implementation of the Python language.
 A primary goal is to support SciPy and its constituent libraries.
@@ -7,7 +7,7 @@ GraalPy currently aims to be compatible with Python 3.10, but it is some way fro
 While your specific workload may function, any Python program that uses external packages could hit something unsupported.
 At this point, the Python implementation is made available for experimentation and curious end-users.
 
-### Trying It
+## Installation
 
 The easiest option to try GraalPy is [Pyenv](https://github.com/pyenv/pyenv/), the Python version manager.
 It allows you to easily install different GraalPy releases.
@@ -18,7 +18,7 @@ To try GraalPy with a full GraalVM, including the support for Java embedding and
 Another option is to use [Conda-Forge](https://conda-forge.org/).
 To get an environment with the latest GraalPy, use `conda create -c conda-forge -n graalpy graalpy`.
 
-### Building from Source
+## Building from Source
 
 #### Requirements
 
@@ -58,45 +58,38 @@ source <dir-to-venv>/bin/activate
 
 In the venv, multiple executables are available, like `python`, `python3` and `graalpy`. 
 
-### Installing Packages
+## Installing Packages
 
 You should be able to use the `pip` command from a GraalPy venv to install packages.
 Our `pip` ships some patches for packages that we test internally, these will be applied automatically where necessary.
 Support for as many extension modules as possible is a high priority for us.
 We are actively building out our support for the Python C API to make extensions such as NumPy, SciPy, Scikit-learn, Pandas, Tensorflow and the like work fully.
 This means that some might already work, but we're still actively working on compatibility especially with native extensions.
 
-### Polyglot Usage
+## Polyglot Usage
 
 We have a [document](docs/user/Interoperability.md) describing how we implement the
 cross-language interop. This will hopefully give you an idea how to use it.
 
-### Jython Support
+## Jython Support
 
 We are working on a mode that is "mostly compatible" with some of Jython's
 features, minus of course that Jython implements Python 2.7 and we implement
 Python 3.10+. We describe the current status of the compatibility mode
 [here](docs/user/Jython.md).
 
-### Contributing
+## Contributing
 
-If you're thinking about contributing something to this repository, you will need
-to sign the [Oracle Contributor
-Agreement](http://www.graalvm.org/community/contributors/) for us to able to
-merge your work. Please also take note of our [code of
-conduct](http://www.graalvm.org/community/conduct/) for contributors.
+If you're thinking about contributing something to this repository, you will need to sign the [Oracle Contributor Agreement](http://www.graalvm.org/community/contributors/) for us to able to merge your work.
+Please also take note of our [code of conduct](http://www.graalvm.org/community/conduct/) for contributors.
 
-To get you started, we have [written a bit](docs/contributor/CONTRIBUTING.md) about the
-structure of this interpreter that should show how to fix things or add
-features.
+This project welcomes contributions from the community. Before submitting a pull request, please [review our contribution guide](./CONTRIBUTING.md).
 
-### Licensing
+## Security
 
-This GraalVM implementation of Python is copyright (c) 2017, 2019 Oracle and/or
-its affiliates and is made available to you under the terms the Universal
-Permissive License v 1.0 as shown at
-[https://oss.oracle.com/licenses/upl/](https://oss.oracle.com/licenses/upl/). This
-implementation is in part derived from and contains additional code from 3rd
-parties, the copyrights and licensing of which is detailed in the
-[LICENSE](LICENSE) and [THIRD_PARTY_LICENSE](THIRD_PARTY_LICENSE.txt) files.
+Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process.
 
+## License
+
+This GraalVM implementation of Python is Copyright (c) 2017, 2023 Oracle and/or its affiliates and is made available to you under the terms the Universal Permissive License v 1.0 as shown at [https://oss.oracle.com/licenses/upl/](https://oss.oracle.com/licenses/upl/).
+This implementation is in part derived from and contains additional code from 3rd parties, the copyrights and licensing of which is detailed in the [LICENSE](./LICENSE.txt) and [THIRD_PARTY_LICENSE](THIRD_PARTY_LICENSE.txt) files.

SECURITY.md

@@ -1,34 +1,34 @@
-# Reporting Security Vulnerabilities
+# Reporting security vulnerabilities
 
-The GraalVM team values the independent security research community and believes that responsible disclosure of security vulnerabilities in GraalVM helps us ensure the security and privacy of all our users.
+Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
 
-If you believe you have found a security vulnerability, please submit a report
-to [email protected] preferably with a proof of concept. Please refer to
-[Reporting
-Vulnerabilities](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html)
-for additional information including our public encryption key for secure
-email. We ask that you do not contact project contributors directly or through
-other channels about a report.
+Please do NOT raise a GitHub Issue to report a security vulnerability.
+If you believe you have found a security vulnerability, please submit a report to [[email protected]][1] preferably with a proof of concept.
+Please review some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using [our encryption key][3].
 
-### Security Updates, Alerts and Bulletins
+We ask that you do not use other channels or contact the project maintainers directly.
 
-GraalVM Community Edition security updates will be released on a quarterly basis
-in conjunction with the Oracle GraalVM security updates that are part
-of the Oracle Critical Patch Update program. Security updates are released on
-the Tuesday closest to the 17th day of January, April, July and October. A
-pre-release announcement will be published on the Thursday preceding each
-Critical Patch Update release. For additional information including past
-advisories, please refer to [Security
-Alerts](https://www.oracle.com/security-alerts/).
+Non-vulnerability related security issues including ideas for new or improved security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence.
+Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update][3] program.
+Additional information, including past advisories, is available on our [security alerts][4] page.
+
+## Security-related information
+
+Please refer to the [GraalVM Security Guide](https://www.graalvm.org/latest/security-guide/) for security related topics such as how to support trusted and less trusted code execution using the Truffle language framework, or compiler mitigations for transitive execution attacks.
+However please note that we do not currently support the execution of untrusted or adversarial code.
+Non-vulnerability related security issues may be discussed on GitHub Issues or the Security channel in the [GraalVM Slack Workspace](https://graalvm.slack.com/)
+
+[1]: mailto:[email protected]
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/
 
 ### Security-Related Information
 
-Please refer to the [GraalVM Security
-Guide](https://www.graalvm.org/latest/security-guide/) for security related topics
-such as how to support trusted and less trusted code execution using the Truffle
-language framework, or compiler mitigations for transitive execution
-attacks. However please note that we do not currently support the execution of
-untrusted or adversarial code. Non-vulnerability related security issues may be
-discussed on GitHub Issues or the Security channel in the [GraalVM Slack
-Workspace](https://graalvm.slack.com/)
+
 

mx.graalpython/suite.py

@@ -797,7 +797,7 @@
             "fileListPurpose": 'native-image-resources',
             "description": "GraalVM Python support distribution for the GraalVM license files",
             "layout": {
-                "LICENSE_GRAALPY.txt": "file:LICENSE",
+                "LICENSE_GRAALPY.txt": "file:LICENSE.txt",
                 "THIRD_PARTY_LICENSE_GRAALPY.txt": "file:THIRD_PARTY_LICENSE.txt",
             },
             "maven": False,