This reduces the chances that a skimmer reads "Issues are used for
bugs..." and files an issue without scrolling down to see the security
section.
I've also added links back to the security section from all the other
paragraphs that suggest using other channels (issues, pull requests,
IRC), so that no matter which anchor a skimmer starts at, they cannot
miss the fact that we have a special disclosure procedure for security
issues. If we are confident that readers interested in submitting a
security issue will not start at a mid-document anchor without reading
the beginning of this file, we could drop some or all of these
back-refs.
Also adjust the lines I touch to use one line per sentence, since
that's the standard in other OCI Projects (like the runtime spec [1]).
[1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.1/style.md#one-sentence-per-line
Signed-off-by: W. Trevor King <[email protected]>
CONTRIBUTING.md
20 additions & 14 deletions
@@ -1,14 +1,20 @@
1
1
# Contribution Guidelines
2
2
3
-
Development happens on GitHub.
4
-
Issues are used for bugs and actionable items and longer discussions can happen on the [mailing list](#mailing-list).
3
+
## Security issues
5
4
6
-
The content of this repository is licensed under the [Apache License, Version 2.0](LICENSE).
5
+
If you are reporting a security issue, *do not* create an issue or file a pull request on GitHub.
6
+
Instead, disclose the issue responsibly by sending an email to [[email protected]](mailto:[email protected]) (which is inhabited only by the maintainers of the various OCI projects).
7
7
8
8
## Code of Conduct
9
9
10
10
Participation in the Open Container community is governed by [Open Container Code of Conduct][code-of-conduct].
11
11
12
+
## Discussion
13
+
14
+
Development happens on GitHub.
15
+
Issues are used for non-security bugs and actionable items; longer discussions can happen on the [mailing list](#mailing-list).
16
+
Responsible disclosure for security issues is discussed [above](#security-issues).
17
+
12
18
## Meetings
13
19
14
20
The contributors and maintainers of all OCI projects have monthly meetings at 2:00 PM (USA Pacific) on the first Wednesday of every month.
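Review bot: The new "Security issues" section (new lines 5-6) tells a reporter where to send mail but not what to put in it or what happens next. Consider adding a sentence on what a report should contain (affected project and version, steps to reproduce) and when the reporter can expect an acknowledgement, and say whether an encrypted channel is available, since a report may carry details that should not travel in clear text. Separately, "inhabited only by the maintainers" reads oddly; "read only by the maintainers" states the confidentiality boundary more directly.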
@@ -20,25 +26,24 @@ Minutes from past meetings are archived [here][minutes].
20
26
## Mailing list
21
27
22
28
You can subscribe and browse the mailing list on [Google Groups][mailing-list].
29
+
Responsible disclosure for security issues is discussed [above](#security-issues).
23
30
24
31
## IRC
25
32
26
-
OCI discussion happens on #opencontainers on [Freenode][] ([logs][irc-logs]).
33
+
Non-security OCI discussion happens on #opencontainers on [Freenode][] ([logs][irc-logs]).
34
+
Responsible disclosure for security issues is discussed [above](#security-issues).
27
35
28
36
## Git
29
37
30
-
### Security issues
31
-
32
-
If you are reporting a security issue, do not create an issue or file a pull
33
-
request on GitHub. Instead, disclose the issue responsibly by sending an email
The content of this repository is licensed under the [Apache License, Version 2.0](LICENSE).
36
39
37
40
### Pull requests are always welcome
38
41
39
-
We are always thrilled to receive pull requests, and do our best to
40
-
process them as fast as possible. Not sure if that typo is worth a pull
41
-
request? Do it! We will appreciate it.
42
+
We are always thrilled to receive pull requests for non-security changes, and do our best to process them as fast as possible.
43
+
Not sure if that typo is worth a pull request?
44
+
Do it!
45
+
We will appreciate it.
46
+
Responsible disclosure for security issues is discussed [above](#security-issues).
42
47
43
48
If your pull request is not accepted on the first try, don't be
44
49
discouraged! If there's a problem with the implementation, hopefully you
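Review bot: "pull requests for non-security changes" at new line 42 is broader than the disclosure rule it is meant to support. The "Security issues" section only asks that a security issue not be reported through a public issue or pull request; as worded here, a hardening change also reads as unwelcome in a pull request. Suggest leaving "We are always thrilled to receive pull requests" unqualified and letting the back-reference at new line 46 carry the exception. Also, the license sentence now sits directly under "## Git", ahead of "### Pull requests are always welcome"; it would be easier to find under a heading of its own.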
@@ -51,8 +56,9 @@ incorporating a new feature.
51
56
### Conventions
52
57
53
58
Fork the repo and make changes on your fork in a feature branch.
54
-
For larger bugs and enhancements, consider filing a leader issue or mailing-list thread for discussion that is independent of the implementation.
59
+
For larger non-security bugs and enhancements, consider filing a leader issue or mailing-list thread for discussion that is independent of the implementation.
55
60
Small changes or changes that have been discussed on the [project mailing list](#mailing-list) may be submitted without a leader issue.
61
+
Responsible disclosure for security issues is discussed [above](#security-issues).
56
62
57
63
If the project has a test suite, submit unit tests for your changes. Take a
58
64
look at existing tests for inspiration. Run the full test suite on your branch
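Review bot: The back-reference at new line 61 comes after "Small changes ... may be submitted without a leader issue", and that sentence is not qualified the way line 59 now is, so a small security fix reads as something to submit directly. Either make it "Small non-security changes" or move the back-reference up to follow line 59, so the exception is stated before the shortcut.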