mirror of https://github.com/ctz/rustls
Add initial CONTRIBUTING
This commit is contained in:
parent
4bf2b87ce7
commit
bd2be2b792
|
@ -0,0 +1,56 @@
|
|||
# Contributing
|
||||
|
||||
Thanks for considering helping this project. There are many
|
||||
ways you can help: using the library and reporting bugs,
|
||||
reporting usability issues, making additions and improvements
|
||||
to the library, documentation and finding security bugs.
|
||||
|
||||
## Reporting bugs
|
||||
|
||||
Please file a github issue. Include as much information as
|
||||
possible. Suspected protocol bugs are easier debugged with
|
||||
a pcap or reproduction steps.
|
||||
|
||||
Feel free to file github issues to get help, or ask a question.
|
||||
|
||||
## Code changes
|
||||
|
||||
Some ideas and guidelines for contributions:
|
||||
|
||||
- For large features, file an issue prior to starting work.
|
||||
This means everyone can see what is in progress prior to a PR.
|
||||
- Feel free to submit a PR even if the work is not totally finished,
|
||||
for feedback or to hand-over.
|
||||
- Prefer not to reference github issue or PR numbers in commits.
|
||||
- Try to keep code formatting commits separate from functional commits.
|
||||
- See [`.travis.yml`](.travis.yml) for how to run the various test
|
||||
suites, and how to make coverage measurements.
|
||||
- I run `cargo outdated` prior to major releases; but PRs to update specific
|
||||
dependencies are welcome.
|
||||
|
||||
## Security bugs
|
||||
|
||||
Please report security bugs by filing a github issue, or by
|
||||
email to jbp@jbp.io if you want to disclose privately. I'll then:
|
||||
|
||||
- Prepare a fix and regression tests.
|
||||
- Backport the fix and make a patch release for most recent release.
|
||||
- Submit an advisory to [rustsec/advisory-db](https://github.com/RustSec/advisory-db).
|
||||
- Refer to the advisory on the main README.md and release notes.
|
||||
|
||||
If you're *looking* for security bugs, this crate is set up for
|
||||
`cargo fuzz` but would benefit from more runtime, targets and corpora.
|
||||
|
||||
## Testing
|
||||
|
||||
- Features involving additions to the public API should have (at least)
|
||||
API-level tests (see [`tests/api.rs`](tests/api.rs)).
|
||||
- Protocol additions should have some coverage -- consider enabling
|
||||
corresponding tests in the bogo suite, or writing some adhoc tests.
|
||||
|
||||
PRs which cause test failures or a significant coverage decrease
|
||||
are unlikely to be accepted.
|
||||
|
||||
## Licensing
|
||||
|
||||
Contributions are made under [rustls's licenses](LICENSE).
|
Loading…
Reference in New Issue