Make contributing easy
- The codebase MUST have a public issue tracker that accepts suggestions from anyone.
- The codebase MUST include instructions for how to privately report security issues for responsible disclosure.
- The documentation MUST link to both the public issue tracker and submitted codebase changes, for example in a
- The codebase MUST have communication channels for users and developers, for example email lists.
- The documentation SHOULD include instructions for how to report potentially security-sensitive issues on a closed channel.
Why this is important
- Enables users to fix problems and add features to the shared codebase, leading to better, more reliable and feature-rich software.
- Allows collaborative uptake of shared digital infrastructure.
- Helps users decide to use one codebase over another.
What this does not do
- Guarantee others will reuse the codebase.
How to test
- There’s a public issue tracker.
- It’s possible to participate in a discussion with other users about the software.
Policy makers: what you need to do
- Track policy issues in the codebase, so that a relevant external policy expert can volunteer help.
Management: what you need to do
- Track management issues in the codebase, so that external managers with relevant experience can volunteer help.
- Support your experienced policy makers, developers and designers to keep contributing to the codebase for as long as possible.
Developers and designers: what you need to do
- Respond promptly to requests.
- Keep your management informed of the time and resources you require to support other contributors.
Further reading
- How to inspire exceptional contributions to your open-source project
- The benefits of coding in the open by the UK Government Digital Service.
- Verdaccio’s security policy is a really nice example.