Contributing

Contributions are welcome!

Contributions can be bug reports, feature requests, testing and documentation
in addition to code. Please see the github guide on
Collaborating on projects using issues and pull requests for details.

Contributions to this project are accepted on an
"inbound=outbound" basis.
That means that you agree that your contributions are made under the
same license as the license for this project, the Apache License 2.0 LICENSE

To make this understanding explicit -- and for you to assert
that you have the right to make the contribution -- commits must be
signed off indicating acceptance of the
Developer Certificate of Origin 1.1 DCO

A nice explanation of the DCO has been provided by
Karl Fogel
in his excellent book Producing Open Source Software.

An explanation of the "sign-off" procedure is given by
Linus Torvalds in Linux.

Contribution Workflow

This is an overview of the contribution workflow:

Verified commits with GPG

Verifying commits is not essential for contributions to this project,
but for those motivated to add additional security it is important
to know that Github now supports GPG signature verification.

Using GPG is a complex subject. Here are some pointers for further information:

You can export your GPG public key to a file for use with Github as follows
(assuming your GPG key id is 0xCAFED00D):

gpg --output 0xCAFED00D.asc --armor --export-options export-clean,export-minimal --export 0xCAFED00D

Simply paste the contents of that file in the SSH and GPG keys section of your Github settings.