diff options
author | Thai Duong <thaidn@google.com> | 2016-12-04 19:23:25 -0800 |
---|---|---|
committer | Thai Duong <thaidn@google.com> | 2016-12-04 19:23:25 -0800 |
commit | b1b22bc6c0cc99aab75f55372e070bac3d40082d (patch) | |
tree | 18ad084e0075ba14c670d5b4b53dada829744372 /CONTRIBUTING.md | |
parent | 0a3269d0f938a01232628bbbdd4ec5593abcefde (diff) | |
download | wycheproof-b1b22bc6c0cc99aab75f55372e070bac3d40082d.tar.gz |
Fix more typos in README.md and rename CONTRIBUTING to CONTRIBUTING.md so that it is rendered correctly.
Diffstat (limited to 'CONTRIBUTING.md')
-rw-r--r-- | CONTRIBUTING.md | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..fa97ad3 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,43 @@ +Want to contribute? Great! First, read this page (including the small print at +the end). + +### Before you contribute +Before we can use your code, you must sign the +[Google Individual Contributor License Agreement] +(https://cla.developers.google.com/about/google-individual) +(CLA), which you can do online. The CLA is necessary mainly because you own the +copyright to your changes, even after your contribution becomes part of our +codebase, so we need your permission to use and distribute your code. We also +need to be sure of various other things—for instance that you'll tell us if you +know that your code infringes on other people's patents. You don't have to sign +the CLA until after you've submitted your code for review and a member has +approved it, but you must do it before we can put your code into our codebase. +Before you start working on a larger contribution, you should get in touch with +us first through the issue tracker with your idea so that we can help out and +possibly guide you. Coordinating up front makes it much easier to avoid +frustration later on. + +### Disclosure +If your tests uncover security vulnerabilities, please first report directly to +the maintainers of the libraries. You should only submit tests to us once the +bugs have been acknowledged or fixed. + +Google has several +[security reward programs](https://www.google.com/about/appsecurity/programs-home/) +that provide cash rewards for quality security research that identifies or fixes +security vulnerabilities in products that we provide or proactive security +improvements to select open-source products. If your tests found or helped fix +vulnerabilities that are in scope you should submit them to these programs. + +If you have any question with regard to disclosure, please email us at +security@google.com. + +### Code reviews +All submissions, including submissions by project members, require review. We +use GitHub pull requests for this purpose. + +### The small print +Contributions made by corporations are covered by a different agreement than +the one above, the +[Software Grant and Corporate Contributor License Agreement] +(https://cla.developers.google.com/about/google-corporate).
\ No newline at end of file |