--- /dev/null
+<!DOCTYPE html>
+<html lang="en">
+ <!--#include virtual="/inc/head.shtml" -->
+
+ <body>
+ <!--#include virtual="/inc/banner.shtml" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header>
+ <h1>Guidelines for OpenSSL Committers</h1>
+ </header>
+
+ <div class="entry-content">
+ <h2>Who is a committer?</h2>
+
+ <p>OpenSSL committers are contributors who have commit access
+ to the
+ <a href="https://git.openssl.org">OpenSSL source code repository</a>.
+ Committers review and commit their own patches as well as
+ those of other contributors.</p>
+
+ <h2>How to become a committer?</h2>
+ <p>Commit access is granted by the OpenSSL Management Committee
+ (OMC) (see the
+ <a href="/policies/bylaws.html">OpenSSL bylaws</a>).
+
+ <p>We welcome contributors who become domain experts in some
+ part of the library (for example, low-level crypto) as well as
+ generalists who contribute to all areas of the codebase. All
+ committers share the responsibility for the overall health
+ of the project: aside from contributing quality features,
+ committers are team players who fix bugs, address open
+ issues, review community contributions, and improve tests and
+ documentation. Committers are also shepherds of the OpenSSL
+ community and its
+ <a href="/community/conduct.html">code of conduct</a>.</p>
+
+ <p>To become a committer, start by contributing code. Read our
+ <a href="/policies/codingstyle.html">coding style</a>, and get
+ to know our build and test system. Then, use the
+ <a href="/policies/roadmap.html">project roadmap</a>,
+ <a href="https://github.com/openssl/openssl/issues">Github issue
+ tracker</a>, and our
+ <a href="/community/mailinglists.html">maing lists</a>
+ find impactful ideas to work on. Seek feedback from multiple OMC
+ members to understand the project, and to support your
+ application. Let them know that you'd like to become a committer
+ - they'll nominate you when your code review record demonstrates
+ impact as well as understanding of the codebase and coding style
+ (usually after a few months of activity). The final decision to
+ grant commit access is taken by an OMC vote.</p>
+
+ <h2>How to maintain commit status?</h2>
+ <p>To maintain commit status, you should stay active in the
+ project. As stated in the project bylaws, if you remain inactive
+ for several months, your commit access will be withdrawn - but
+ you are always welcome back, just ask an OMC member to
+ re-nominate you.</p>
+ <p>In the unlikely and unfortunate event that your actions
+ conflict with the project objectives or are otherwise
+ disruptive, commit access may also be revoked by vote of the
+ OMC.</p>
+
+ <h2>Code reviews</h2>
+ <p>All submissions must be reviewed and approved by at least two
+ committers, one of whom must also be an OMC member. If the
+ author is also a committer then that counts as one of the
+ reviews. In other words:</p>
+ <ul>
+ <li>OMC members need one approval from any committer</li>
+ <li>Committers need one approval from a committer within the
+ OMC</li>
+ <li>Contributors without commit rights need two approvals,
+ including one from the OMC.</li>
+ </ul>
+
+ <p>This process may seem a little heavy, but OpenSSL is a large,
+ complicated codebase, and we think two reviews help prevent
+ security bugs, as well as disseminate knowledge to the growing
+ contributor base.</p>
+
+ <p>Contributors without commit rights cannot formally approve
+ patches but are nevertheless welcome to comment on submissions
+ and do technical reviews. We always value another pair of eyes,
+ and volunteering for reviews counts favourably towards becoming
+ a committer. As an author, we ask that you address all comments,
+ even if you already have the necessary approvals.</p>
+
+ <p>If you have trouble finding consensus on a difficult review,
+ reach out to the OMC at
+ <a href="mailto:openssl-team@openssl.org">openssl-team@openssl.org</a>
+ (private, moderated) or committers at
+ <a href="mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a>
+ (public). On GitHub, you can reach OMC members at @openssl/team,
+ and committers can be found at @openssl/dev.</p>
+
+ <h2>Commit workflow</h2>
+ <p>We do code reviews on GitHub. The
+ <a href="https://github.com/openssl/openssl">OpenSSL GitHub
+ repository</a>
+ is a mirror, so we do not merge on GitHub. When you become a
+ committer, we.ll send you instructions to get commit access to
+ the main repository. To have handy links to review history, we
+ record the reviewers and GitHub pull request IDs in commit
+ headers. We have some helper scripts in the
+ <a href="https://github.com/openssl/tools">tools repo</a>
+ to add these headers automatically.</p>
+
+ <p>We don't use merge commits.</p>
+
+ <p>If at any point during development or review you discover
+ a potential security issue, we ask that you report it to
+ <a href="mailto:openssl-security@openssl.org"> openssl-security@openssl.org</a>
+ and don't discuss it further in public. We review security
+ sensitive patches privately, off GitHub. We do not currently
+ have a way to open access to those reviews after the patches
+ have been released.</p>
+
+ <h2>A note on CLAs</h2>
+ <p>All authors, including committers, must have current CLAs on
+ file. A CLA is not required for trivial contributions (e.g. the
+ fix of a spelling mistake). If all reviewers as well as the
+ original author agree that the submission is trivial, the commit
+ can be labelled "CLA: trivial" to skip CLA checks.</p>
+
+ </div>
+
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href="/policies"> Policies</a>
+ : <a href="">Guidelines for Committers</a>.
+ <br><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.shtml" -->
+ </div>
+ </div>
+
+ <!--#include virtual="/inc/footer.shtml" -->
+ </body>
+</html>
projects / openssl-web.git / commitdiff