Skip to content

Latest commit

 

History

History
45 lines (24 loc) · 3.05 KB

CONTRIBUTING.md

File metadata and controls

45 lines (24 loc) · 3.05 KB

Contributing to ACES

We're thrilled that you're interested in contributing to ACES. To maintain the legal integrity of the project's codebase, we require all contributors to sign a Contributor License Agreement (CLA).

Signing the CLA

  • Before we can merge any of your contributions, you must sign our CLA.
  • The process is simple. When you submit a pull request for the first time, you will be prompted to sign the CLA online.
  • If you are contributing on behalf of your employer or if your contributions are owned by someone other than yourself (e.g., your employer), please make sure you have the right to submit the contributions under our project's CLA.

By signing the CLA, you assure the project and its users that your contributions do not infringe upon the rights of any third parties and that the project can use your contributions without legal repercussions.

If you have any questions about the CLA process, please feel free to contact a member of the ACES Team via ACESCentral.com.

Requirement for Signed Commits

As part of our commitment to security and the integrity of our codebase, we require all commits to be signed. This helps us ensure that contributions are actually made by the account they come from and not altered by a third party.

Why Signed Commits?

Signed commits provide an additional layer of security by guaranteeing that the commits are from a verified source. This is crucial for maintaining the trustworthiness of our codebase.

How to Sign Commits

To sign commits, you'll need to use a GPG (GNU Privacy Guard) or S/MIME (Secure/Multipurpose Internet Mail Extensions) key. If you haven't already set up a GPG key, you can follow GitHub's guide on generating a new GPG key.

Once you have a GPG key, you can add it to your GitHub account. For instructions on how to do this, see GitHub's documentation on adding a new GPG key to your account.

When you have your GPG key added to your GitHub account, you can start signing your commits. If you're using the command line, you can sign commits with git commit -S -m "Your commit message".

Verifying a Signed Commit

You can verify that your commits are signed by looking for the "Verified" label on GitHub's commit interface.

What if You Cannot Sign Your Commits?

We understand that in some scenarios, you might not be able to sign commits. If you find yourself in this situation, please reach out to the project maintainers for assistance.

For more detailed instructions on signing commits, you can refer to GitHub's documentation on signing commits.


We appreciate your contributions to ACES, and we thank you for adhering to our signed commits policy. This policy helps us maintain the security and integrity of our codebase.

If you have any questions about this process, please feel free to contact the project maintainers.