mirrored from https://www.bouncycastle.org/repositories/bc-java
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
67 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # Bouncy Castle Contributing Guidelines <!-- omit in toc --> | ||
|
|
||
| Thank you for contributing to Bouncy Castle! | ||
|
|
||
| In this guide, you get an overview of the contribution workflow from starting a discussion or opening an issue, to creating, reviewing, and merging a pull request. | ||
|
|
||
| For an overview of the project, see [README](README.md). | ||
|
|
||
| ### Start a discussion | ||
| If you have a question or problem, you can [search in discussions](../../discussions), if someone has already found a solution to your problem. | ||
|
|
||
| Or you can [start a new discussion](../../discussions/new/choose) and ask your question. | ||
|
|
||
| ### Create an issue | ||
|
|
||
| If you find a problem with Bouncy Castle, [search if an issue already exists](../../issues). | ||
|
|
||
| > **_NOTE:_** If the issue is a __potential security problem__, please contact us | ||
| before posting anything public. See [Security Policy](SECURITY.md). | ||
|
|
||
| If a related discussion or issue doesn't exist, and the issue is not security related, you can [open a new issue](../../issues/new). An issue can be converted into a discussion if regarded as one. | ||
|
|
||
| ### Contribute to the code | ||
|
|
||
| For substantial, non-trivial contributions, you may be asked to sign a contributor assignment agreement. Optionally, you can also have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html). | ||
|
|
||
| Please note we are unable to accept contributions which cannot be released under the [Bouncy Castle License](https://www.bouncycastle.org/licence.html). Issuing a pull request on our public github mirror is taken as agreement to issuing under the Bouncy Castle License. | ||
|
|
||
| #### Create a pull request | ||
|
|
||
| > **_NOTE:_** If the issue is a __potential security problem__, please contact us. See [Security Policy](SECURITY.md). | ||
| You are welcome to send patches, under the Bouncy Castle License, as pull requests. For more information, see [Creating a pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). For minor updates, you can instead choose to create an issue with short snippets of code. See above. | ||
|
|
||
| * For contributions touching multiple files try and split up the pull request, smaller changes are easier to review and test, as well as being less likely to run into merge issues. | ||
| * Create a test cases for your change, it may be a simple addition to an existing test. If you do not know how to do this, ask us and we will help you. | ||
| * If you run into any merge issues, check out this [git tutorial](https://github.com/skills/resolve-merge-conflicts) to help you resolve merge conflicts and other issues. | ||
|
|
||
| For more information, refer to the Bouncy Castle documentation on [Getting Started with Bouncy Castle](https://doc.primekey.com/bouncycastle/introduction#Introduction-GettingStartedwithBouncyCastle). | ||
|
|
||
| #### Self-review | ||
|
|
||
| Don't forget to self-review. Please follow these simple guidelines: | ||
| * Keep the patch limited, only change the parts related to your patch. | ||
| * Do not change other lines, such as whitespace, adding line breaks to Java doc, etc. It will make it very hard for us to review the patch. | ||
|
|
||
|
|
||
| #### Your pull request is merged | ||
|
|
||
| For acceptance, pull requests need to meet specific quality criteria, including tests for anything substantial. Someone on the Bouncy Castle core team will review the pull request when there is time, and let you know if something is missing or suggest improvements. If it is a useful and generic feature it will be integrated in Bouncy Castle to be available in a later release. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,17 @@ | ||
| # Reporting a security issue | ||
| # Security Policy | ||
|
|
||
| If you would like to report something you believe to be a security issue | ||
| then please use feedback-crypto@bouncycastle.org. | ||
| We can provide a PGP key if required. | ||
| ## Reporting a Vulnerability | ||
|
|
||
| If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org) | ||
|
|
||
| Describe the issue including all details, for example: | ||
| * Short summary of the problem | ||
| * Steps to reproduce | ||
| * Affected API versions | ||
| * Logs if available | ||
|
|
||
| The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. | ||
|
|
||
| If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. | ||
|
|
||
| Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory. |