Contributing to Canyan Rating

Thank you for showing interest in contributing to the Canyan Rating project.

Note: We take Canyan's security and our users trust very seriously. If you believe you have found a security issue in Canyan, please responsibly disclose by contacting us at security@canyan.io.

When contributing to this repository, please first discuss the change you wish to make via issue, slack, email, or any other method with the owners of this repository before making a change.

if you're unsure or afraid of anything, just ask or submit the issue or pull request anyways. You won't be yelled at for giving your best effort. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contributions, and don't want a wall of rules to get in the way of that.

Please note we have a Code of Conduct that applies to all contributors and participants to the Canyan project, please follow it in all your interactions with the project.

Pull Request

Pull requests are very welcome, and the maintainers of Canyan will work hard to review and hopefully merge your work.

It can make sense to discuss your work beforehand if it is significant for the project. You can start a discussion on Slack.

Using commit signoffs and changelog tags is mandatory for all commits!

Process

  1. Ensure any install or build dependencies and files are removed before your push. Please refer to the .gitignore and update the file if necessary to not push irrelevant files.
  2. Update the README.md and CHANGELOG.md with details of changes and needed documentation for added features.
  3. Increase the version numbers in any examples files and the CHANGELOG.md to the new version that this Pull Request would represent.
  4. You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have permission to do that, you may request the second reviewer to merge it for you.

Sign your work

Canyan is licensed under the GNU General Public License version 3. To ensure open source license compatibility, we need to keep track of the origin of all commits and make sure they comply with the license. To do this we ask every commit to be signed off.

The sign-off is a simple line at the end of the explanation for the patch, which certifies that you wrote it or otherwise have the right to pass it on as an open-source commit. The rules are pretty simple: if you can certify the below (from developercertificate.org):

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

Then you just add a line to every git commit message:

Signed-off-by: Random J Developer <random@developer.example.org>

Use your real name (sorry, no pseudonyms or anonymous contributions).

If you set your user.name and user.email git configs, you can sign your commit automatically with git commit -s.

Reporting security issues

If you come across any security issue, please bring it to our team's attention as quickly as possible by sending an email to security@canyan.io.

Please do not disclose anything in public. Once an issue has been addressed we will publish the fix and acknowledge your finding on our site if you so wish.