mattrpav commented on code in PR #1691: URL: https://github.com/apache/activemq/pull/1691#discussion_r2828693623
########## CONTRIBUTING.md: ########## 
@@ -0,0 +1,62 @@ +# Contributing Guidelines + +*Pull requests, bug reports, and all other forms of contribution are welcomed and highly encouraged!* + +### Contents + +- [Code of Conduct](#code-of-conduct) +- [Asking Questions](#bulb-asking-questions) +- [Opening an Issue](#inbox_tray-opening-an-issue) +- [Feature Requests](#love_letter-feature-requests) +- [Triaging Issues](#mag-triaging-issues) +- [Code Contributions](#code-contributions) +- [Credits](#pray-credits) + +> **This guide serves to set clear expectations for everyone involved with the project so that we can improve it together while also creating a welcoming space for everyone to participate. Following these guidelines will help ensure a positive experience for contributors and maintainers.** + +## Code of Conduct + +Please review the Apache [Code of Conduct](https://www.apache.org/foundation/policies/conduct). It is in effect at all times. We expect it to be honored by everyone who contributes to this project. + +## Asking Questions + +## Opening an Issue + +### Reporting Security Issues + +Review our Apache [Security Policy](https://www.apache.org/security/). **Do not** file a public issue for security vulnerabilities. + +### Bug Reports and Other Issues + +## Feature Requests + +## Triaging Issues + +## Code Contributions + +### Submitting Pull Requests + +### Writing Commit Messages + +### Pull Request Review + +### Coding Style + +### Certification of origin + +1. Apache ActiveMQ committers should sign all commits using an SSH key tied to their apache.org email address
Review Comment: This shouldn't be seen as limiting. The benefit of using SSH keys is that GitHub (or anyone else) never has the private secret. This is more secure all-around and starting to become the standard practice (and requirement!) for SOC2 and ISO security certifications used by enterprises (aka end users of ActiveMQ).
As a project, ActiveMQ can present a strong and modern security stance by having committers sign commits vs relying on GH secrets or passkeys. edit: I'll make an SSH signing quick-start guide to accompany this to show how easy it is to use over passwords/tokens/passkeys.
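Review bot: In the "Certification of origin" item, "should sign all commits using an SSH key tied to their apache.org email address" does not say whether signing is required or only recommended, and nothing in the visible text tells a reader how a signature is checked against a committer's key or whether commits signed another way are accepted. Suggest stating the requirement level explicitly and adding a sentence on where the committers' public signing keys are published and how to verify a commit against them. A smaller point in the Contents list: the links use emoji-prefixed anchors such as `#bulb-asking-questions`, `#inbox_tray-opening-an-issue` and `#mag-triaging-issues`, while the headings are plain (`## Asking Questions`, `## Opening an Issue`, `## Triaging Issues`), so those links will not resolve on GitHub; drop the prefixes from the anchors to match the headings.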
