OpenSearch is a community project that is built and maintained by people just like you. This document explains how you can contribute to this and related projects. The brief summary below outlines contribution guidelines specific to the OpenSearch-Security Repo.
The maintainers of the OpenSearch-Security Repo seek to promote an inclusive and engaged community of contributors. In order to facilitate this, weekly triage meetings are open-to-all and attendance is encouraged for anyone who hopes to contribute, discuss an issue, or learn more about the project.
Attendance is not required for your issue to be triaged or addressed. All new issues are triaged weekly.
Each meeting we seek to address all new issues. However, should we run out of time before your issue is discussed, you are always welcome to attend the next meeting or to follow up on the issue post itself.
Meetings are hosted regularly at 3 PM Eastern Time (Noon Pacific Time) and can be joined via the links posted on the Upcoming Events webpage.
After joining the Zoom meeting, you can enable your video / voice to join the discussion. If you do not have a webcam or microphone available, you can still join in via the text chat.
If you have an issue you'd like to bring forth please consider getting a link to the issue so it can be presented to everyone in the meeting.
Meetings are lightly structured such that new issues are reviewed first, then the sprint backlog, and finally the backlog. There is no specific ordering within each category.
If you have an issue you would like to discuss but do not have the ability to attend the entire meeting please attend when is best for you and signal that you have an issue to discuss when you arrive.
No, all are welcome and encouraged to attend. Attending the Backlog & Triage meetings is a great way for a new contributor to learn about the project as well as explore different avenues of contribution.
You can always open an issue including one that you think may be a duplicate. However, in cases where you believe there is an important distinction to be made between an existing issue and your newly created one, you are encouraged to attend the triaging meeting to explain.
If you have an existing issue you would like to discuss, you can always comment on the issue itself. Alternatively, you are welcome to come to the triage meeting to discuss.
While we are always happy to help the community, the best resource for implementation questions is the OpenSearch forum.
There you can find answers to many common questions as well as speak with implementation experts.
Due to the sensitive nature of security vulnerabilities, please report all potential vulnerabilities directly by following the steps outlined on the SECURITY.md document.
You can always file an issue for any question you have about the project. Alternatively, you can reach out to specific contacts helping to organize the project: Stephen Crawford (steecraw@amazon.com), Dave Lago (davelago@amazon.com), and Peter Nied (petern@amazon.com).