author Loïc Hoguin <[email protected]> 2013-02-27 18:25:45 +0100
committer Loïc Hoguin <[email protected]> 2013-02-27 18:25:45 +0100
commit 5c5794d27ba8fd71b33ab1b893069531d8f08a49
tree 79ac457e64a95e9f23668c385e2b929f64bf42c2
parent 02ed254daa2df86ce8eff7f68b5f202ac9d31a7d
Add more details on how to report bugs and vulnerabilities
-rw-r--r-- CONTRIBUTING.md 24
1 files changed, 19 insertions, 5 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index e6ef8df..9e2fa32 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -20,12 +20,26 @@ repository `upstream` refers to the official repository for this project.
Following this document will ensure prompt merging of your work in the
`master` branch of the project.
-Planning
---------
+Reporting bugs
+--------------
+
+Upon identifying a bug or a DoS vulnerability, you SHOULD submit a ticket,
+regardless of your plans for fixing it. If you plan to fix the bug, you
+SHOULD discuss your plans to avoid having your work rejected.
+
+Upon identifying a security vulnerability in Erlang/OTP that leaves Cowboy
+vulnerable to attack, you SHOULD consult privately with the Erlang/OTP team
+to get the issue resolved.
+
+Upon identifying a security vulnerability in Cowboy's `cowboy_static` module,
+you SHOULD submit a ticket, regardless of your plans for fixing it. Please
+ensure that all necessary details to reproduce are listed. You then SHOULD
+inform users on the mailing list about the issue, advising that they use
+another means for sending static files until the issue is resolved.
-Upon identifying a bug, you SHOULD submit a ticket, regardless of your
-plans for fixing it. If you plan to fix the bug, you SHOULD discuss your
-plans to avoid having your work rejected.
+Upon identifying a security vulnerability in any other part of Cowboy, you
+SHOULD contact us directly by email. Please ensure that all necessary details
+to reproduce are listed.
Before implementing a new feature, you SHOULD submit a ticket for discussion
on your plans. The feature might have been rejected already, or the
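Review bot: The last added paragraph ("any other part of Cowboy ... contact us directly by email") names no address to write to, so a reporter who follows it has no private channel to use; put the contact address in that sentence or point to where it is published. Two further points. The first added paragraph sends a "DoS vulnerability" to a public ticket while the later paragraphs send a "security vulnerability" elsewhere, and nothing in the text says how to tell the two apart, so a sentence defining the split would keep reports from being misrouted. And with the `Planning` heading replaced by `Reporting bugs`, the unchanged paragraph beginning "Before implementing a new feature" now sits under the bug-reporting heading; it probably wants its own heading restored above it.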