Permalink
Find file
b1b22bc Dec 4, 2016
43 lines (37 sloc) 2.12 KB

Want to contribute? Great! First, read this page (including the small print at the end).

Before you contribute

Before we can use your code, you must sign the Google Individual Contributor License Agreement (CLA), which you can do online. The CLA is necessary mainly because you own the copyright to your changes, even after your contribution becomes part of our codebase, so we need your permission to use and distribute your code. We also need to be sure of various other things—for instance that you'll tell us if you know that your code infringes on other people's patents. You don't have to sign the CLA until after you've submitted your code for review and a member has approved it, but you must do it before we can put your code into our codebase. Before you start working on a larger contribution, you should get in touch with us first through the issue tracker with your idea so that we can help out and possibly guide you. Coordinating up front makes it much easier to avoid frustration later on.

Disclosure

If your tests uncover security vulnerabilities, please first report directly to the maintainers of the libraries. You should only submit tests to us once the bugs have been acknowledged or fixed.

Google has several security reward programs that provide cash rewards for quality security research that identifies or fixes security vulnerabilities in products that we provide or proactive security improvements to select open-source products. If your tests found or helped fix vulnerabilities that are in scope you should submit them to these programs.

If you have any question with regard to disclosure, please email us at security@google.com.

Code reviews

All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose.

The small print

Contributions made by corporations are covered by a different agreement than the one above, the Software Grant and Corporate Contributor License Agreement.