Contribution guide

This document outlines how to contribute to this project. It details instructions on how to submit issues, bug reports and patches.

Before you participate in the community, you should agree to respect the Code of conduct.


Before you reuse this document in your own project, you will need to at least read the whole thing and make a few changes. Concretely, you will at least need to do the following changes:

  • change the references at the top of the file to point to your project
  • change the release process to follow your workflow (or remove it if releases are against your religion, which would be sad)
  • also consider using a tool like DCO to assign copyright ownership
  • obviously, remove or comment out this note when done

Positive feedback

Even if you have no changes, suggestions, documentation or bug reports to submit, even just positive feedback like “it works” goes a long way. It shows the project is being used and gives instant gratification to contributors. So we welcome emails that tell us of your positive experiences with the project or just thank you notes. Head out to contact for contact informations or submit a closed issue with your story.

You can also send your “thanks” through

Say thanks to the author


We love documentation!

The documentation resides in various Sphinx documentations and in the README file. Those can can be edited online once you register and changes are welcome through the normal patch and merge request system.

Issues found in the documentation are also welcome, see below to file issues in our tracker.

Issues and bug reports

We want you to report issues you find in the software. It is a recognized and important part of contributing to this project. All issues will be read and replied to politely and professionnally. Issues and bug reports should be filed on the issue tracker.

Issue triage

Issue triage is a useful contribution as well. You can review the issues in the project page and, for each issue:

  • try to reproduce the issue, if it is not reproducible, label it with more-info and explain the steps taken to reproduce
  • if information is missing, label it with more-info and request specific information
  • if the feature request is not within the scope of the project or should be refused for other reasons, use the wontfix label and close the issue
  • mark feature requests with the enhancement label, bugs with bug, duplicates with duplicate and so on…

Note that some of those operations are available only to project maintainers, see below for the different statuses.

Security issues

Security issues should first be disclosed privately to the project maintainers (see Contact), which support receiving encrypted emails through the usual OpenPGP key discovery mechanisms.

This project cannot currently afford bounties for security issues. We would still ask that you coordinate disclosure, giving the project a reasonable delay to produce a fix and prepare a release before public disclosure.

Public recognition will be given to reporters security issues if desired. We otherwise agree with the Disclosure Guidelines of the HackerOne project, at the time of writing.


Patches can be submitted through merge requests on the project page.

Some guidelines for patches:

  • A patch should be a minimal and accurate answer to exactly one identified and agreed problem.
  • A patch must compile cleanly and pass project self-tests on all target platforms.
  • A patch commit message must consist of a single short (less than 50 characters) line stating a summary of the change, followed by a blank line and then a description of the problem being solved and its solution, or a reason for the change. Write more information, not less, in the commit log.
  • Patches should be reviewed by at least one maintainer before being merged.

Project maintainers should merge their own patches only when they have been approved by other maintainers, unless there is no response within a reasonable timeframe (roughly one week) or there is an urgent change to be done (e.g. security or data loss issue).

As an exception to this rule, this specific document cannot be changed without the consensus of all administrators of the project.

Note: Those guidelines were inspired by the Collective Code Construct Contract. The document was found to be a little too complex and hard to read and wasn’t adopted in its entirety. See this discussion for more information.

Patch triage

You can also review existing pull requests, by cloning the contributor’s repository and testing it. If the tests do not pass (either locally or in the online Continuous Integration (CI) system), if the patch is incomplete or otherwise does not respect the above guidelines, submit a review with “changes requested” with reasoning.


There are three levels of membership in the project, Administrator (also known as “Owner” in GitHub or GitLab), Maintainer (also known as “Member” on GitHub or “Developer” on GitLab), or regular users (everyone with or without an account). Anyone is welcome to contribute to the project within the guidelines outlined in this document, regardless of their status, and that includes regular users.

Maintainers can:

  • do everything regular users can
  • review, push and merge pull requests
  • edit and close issues

Administrators can:

  • do everything maintainers can
  • add new maintainers
  • promote maintainers to administrators

Regular users can be promoted to maintainers if they contribute to the project, either by participating in issues, documentation or pull requests.

Maintainers can be promoted to administrators when they have given significant contributions for a sustained timeframe, by consensus of the current administrators. This process should be open and decided as any other issue.

Release process


This is just an example. There is no official release process for the ecdysis project right now, as the module is not publicly released or versioned.

To make a release:

  1. generate release notes with:

    gbp dch

    the file header will need to be moved back up to the beginning of the file. also make sure to add a summary and choose a proper version according to Semantic Versioning

  2. tag the release according to Semantic Versioning rules:

    git tag -s x.y.z
  3. build and test the Python package:

    python bdist_wheel
    sudo pip install dist/*.whl
    ecdysis --version
    # check your emails and the logfile
    sudo pip uninstall ecdysis
  4. build and test the debian package:

    sudo dpkg -i ../ecdysis_*.deb
    ecdysis --version
    sudo dpkg --remove ecdysis
  5. push changes:

    git push
    git push --tags
    twine upload dist/*
    dput ../ecdysis*.changes
  6. edit the tag, copy-paste the changelog entry and attach the signed binaries