From 9309aa9c6330f9121153c70f8637addf13f7966d Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Sat, 29 Jul 2017 17:46:15 -0400 Subject: [PATCH] Add CONTRIBUTING.md documentation Signed-off-by: David A. Wheeler --- CONTRIBUTING.md | 71 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..ddaeafd --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,71 @@ +# How to contribute to Flawfinder + +We love contributions! Here's how to do them in a way that will +make everyone's lives easy. + +## Reporting + +For normal problems, bugs, and feature requests, please file a +[ticket](https://sourceforge.net/p/flawfinder/_list/tickets). + +If you find a vulnerability, please separately send a private email to +[David A. Wheeler](https://www.dwheeler.com/contactme.html). +We plan to handle vulnerabilities separately, fixing them and *then* +telling the world. We will gladly provide credit to vulnerability reporters +(unless you don't want the credit). We've never had a vulnerability +report, so this is theoretical at this time. + +## Change process + +We use "git" to track changes. To propose a change, create a fork +(copy) of the repository, make your changes, and create a +merge request (also called a pull request). +If you're not familiar with the process, here's some +[documentation](https://sourceforge.net/p/forge/documentation/Git/). + +## License and DCO + +All proposed changes must be released under at least the project license, +in this case the GNU GPL version 2 or later (GPL-2.0+). + +Proposers must agree to the +[Developer's Certificate of Origin](https://developercertificate.org/), +aka DCO. +The DCO basically says that you assert that you're legally allowed to +provide the commit. Please include in your commit a statement of the +form to confirm this ("git commit -s" will do this): + +> 
Signed-off-by: Your-name + +You much include the DCO in your first commit proposal. +If you forget occasionally, we'll assume that you just forgot, but +please try to not forget. + +## Code Conventions + +The Python code uses 2-space indents. Do not use tabs. +It is currently Python 2.7; please don't make it hard to convert +to Python 3 when that eventually happens. + +We aspire to eventually comply with +[PEP 8](https://www.python.org/dev/peps/pep-0008/) other than the +indentation size. In practice the code doesn't actually conform to that, +but patches to improve that are generally welcome. + +To make the program easy to install everywhere, the main executable +is exactly one self-contained file. That involves some compromises, +but for now, please keep it that way. + +## Tests + +Make *sure* that your code passes the automated tests. Invoke tests with +"make check". + +It's our policy that as major new functionality is added to the software +produced by the project, tests of that functionality should be added to +the automated test suite. + +## Other + +We want to eventually earn a +[CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/projects/323).
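Review bot: typo in the "License and DCO" section of this hunk: "You much include the DCO in your first commit proposal" should read "You must include the DCO in your first commit proposal". Two smaller points in the same hunk. The sign-off example in the blockquote, "Signed-off-by: Your-name", would be clearer as "Signed-off-by: Your Name <you@example.com>", because that is the form `git commit -s` actually emits (it takes the name and address from user.name and user.email), and a reader copying the shorter form by hand would not match it. In the "Reporting" section, vulnerability reports are routed to a private email via a contact page only; since the text's goal is to keep the report confidential until a fix ships, consider also publishing an encrypted contact (for example a PGP key or a security-contact URL) next to that link so the report is protected in transit as well.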