diff options
author | Adam Vartanian <flooey@google.com> | 2017-03-16 09:58:59 +0000 |
---|---|---|
committer | Adam Vartanian <flooey@google.com> | 2017-03-17 08:52:08 +0000 |
commit | 13b268f0491ae3cbcb4b7582d1a31bd5c45c69ee (patch) | |
tree | da15f3c49b06a255595c0f3381c641249f24853e /CONTRIBUTING.md | |
parent | b18ddaff10013b068327a3aa468274bbbddcba69 (diff) | |
parent | c89a32e2ce9e165423a632388513f8c972cdbdbb (diff) | |
download | wycheproof-13b268f0491ae3cbcb4b7582d1a31bd5c45c69ee.tar.gz |
Merge upstream-master into master.
This is just the upstream code, the Android-specific files like
README.version will come in a followup change.
Bug: 31182886
Test: None
Change-Id: I85e69e914b2e05131d9db8f22f3ab3de69942ad4
Diffstat (limited to 'CONTRIBUTING.md')
-rw-r--r-- | CONTRIBUTING.md | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..fa97ad3 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,43 @@ +Want to contribute? Great! First, read this page (including the small print at +the end). + +### Before you contribute +Before we can use your code, you must sign the +[Google Individual Contributor License Agreement] +(https://cla.developers.google.com/about/google-individual) +(CLA), which you can do online. The CLA is necessary mainly because you own the +copyright to your changes, even after your contribution becomes part of our +codebase, so we need your permission to use and distribute your code. We also +need to be sure of various other things—for instance that you'll tell us if you +know that your code infringes on other people's patents. You don't have to sign +the CLA until after you've submitted your code for review and a member has +approved it, but you must do it before we can put your code into our codebase. +Before you start working on a larger contribution, you should get in touch with +us first through the issue tracker with your idea so that we can help out and +possibly guide you. Coordinating up front makes it much easier to avoid +frustration later on. + +### Disclosure +If your tests uncover security vulnerabilities, please first report directly to +the maintainers of the libraries. You should only submit tests to us once the +bugs have been acknowledged or fixed. + +Google has several +[security reward programs](https://www.google.com/about/appsecurity/programs-home/) +that provide cash rewards for quality security research that identifies or fixes +security vulnerabilities in products that we provide or proactive security +improvements to select open-source products. If your tests found or helped fix +vulnerabilities that are in scope you should submit them to these programs. + +If you have any question with regard to disclosure, please email us at +security@google.com. + +### Code reviews +All submissions, including submissions by project members, require review. We +use GitHub pull requests for this purpose. + +### The small print +Contributions made by corporations are covered by a different agreement than +the one above, the +[Software Grant and Corporate Contributor License Agreement] +(https://cla.developers.google.com/about/google-corporate).
\ No newline at end of file |