diff options
author | Loïc Hoguin <[email protected]> | 2013-02-27 18:25:45 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2013-02-27 18:25:45 +0100 |
commit | 5c5794d27ba8fd71b33ab1b893069531d8f08a49 (patch) | |
tree | 79ac457e64a95e9f23668c385e2b929f64bf42c2 | |
parent | 02ed254daa2df86ce8eff7f68b5f202ac9d31a7d (diff) | |
download | cowboy-5c5794d27ba8fd71b33ab1b893069531d8f08a49.tar.gz cowboy-5c5794d27ba8fd71b33ab1b893069531d8f08a49.tar.bz2 cowboy-5c5794d27ba8fd71b33ab1b893069531d8f08a49.zip |
Add more details on how to report bugs and vulnerabilities
-rw-r--r-- | CONTRIBUTING.md | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e6ef8df..9e2fa32 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -20,12 +20,26 @@ repository `upstream` refers to the official repository for this project. Following this document will ensure prompt merging of your work in the `master` branch of the project. -Planning --------- +Reporting bugs +-------------- + +Upon identifying a bug or a DoS vulnerability, you SHOULD submit a ticket, +regardless of your plans for fixing it. If you plan to fix the bug, you +SHOULD discuss your plans to avoid having your work rejected. + +Upon identifying a security vulnerability in Erlang/OTP that leaves Cowboy +vulnerable to attack, you SHOULD consult privately with the Erlang/OTP team +to get the issue resolved. + +Upon identifying a security vulnerability in Cowboy's `cowboy_static` module, +you SHOULD submit a ticket, regardless of your plans for fixing it. Please +ensure that all necessary details to reproduce are listed. You then SHOULD +inform users on the mailing list about the issue, advising that they use +another means for sending static files until the issue is resolved. -Upon identifying a bug, you SHOULD submit a ticket, regardless of your -plans for fixing it. If you plan to fix the bug, you SHOULD discuss your -plans to avoid having your work rejected. +Upon identifying a security vulnerability in any other part of Cowboy, you +SHOULD contact us directly by email. Please ensure that all necessary details +to reproduce are listed. Before implementing a new feature, you SHOULD submit a ticket for discussion on your plans. The feature might have been rejected already, or the |