Contribution Guide

This document outlines how to contribute to this project. It details instructions on how to submit issues, bug reports and patches.

Before you participate in the community, you should also agree to respect the code of conduct, shipped in CODE_OF_CONDUCT.rst in the source code.

Positive feedback

Even if you have no changes, suggestions, documentation or bug reports to submit, even just positive feedback like “it works” goes a long way. It shows the project is being used and gives instant gratification to contributors. So we welcome emails that tell us of your positive experiences with the project or just thank you notes. Contact maintainers directly or submit a closed issue with your story. You can also send your “thanks” through

Issues and bug reports

We want you to report issues you find in the software. It is a recognized and important part of contributing to this project. All issues will be read and replied to politely and professionally. Issues and bug reports should be filed on the issue tracker.

Issue triage

Issue triage is a useful contribution as well. You can review the issues in the project page and, for each issue:

  • try to reproduce the issue, if it is not reproducible, label it with help-wanted and explain the steps taken to reproduce

  • if information is missing, label it with invalid and request specific information

  • if the feature request is not within the scope of the project or should be refused for other reasons, use the wontfix label and close the issue

  • mark feature requests with the enhancement label, bugs with bug, duplicates with duplicate and so on…

Note that some of those operations are available only to project maintainers, see below for the different statuses.

Security issues

Security issues should first be disclosed privately to the project maintainers, which support receiving encrypted emails through the usual OpenPGP key discovery mechanisms.

This project cannot currently afford bounties for security issues. We would still ask that you coordinate disclosure, giving the project a reasonable delay to produce a fix and prepare a release before public disclosure.

Public recognition will be given to reporters security issues if desired. We otherwise agree with the Disclosure Guidelines of the HackerOne project, at the time of writing.


Patches can be submitted through pull requests on the project page.

Some guidelines for patches:

  • A patch should be a minimal and accurate answer to exactly one identified and agreed problem.

  • A patch must compile cleanly and pass project self-tests on all target platforms.

  • A patch commit message must consist of a single short (less than 50 characters) line stating a summary of the change, followed by a blank line and then a description of the problem being solved and its solution, or a reason for the change. Write more information, not less, in the commit log.

  • Patches should be reviewed by at least one maintainer before being merged.

Project maintainers should merge their own patches only when they have been approved by other maintainers, unless there is no response within a reasonable timeframe (roughly one week) or there is an urgent change to be done (e.g. security or data loss issue).

As an exception to this rule, this specific document cannot be changed without the consensus of all administrators of the project.

Note: Those guidelines were inspired by the Collective Code Construction Contract. The document was found to be a little too complex and hard to read and wasn’t adopted in its entirety. See this discussion for more information.

Patch triage

You can also review existing pull requests, by cloning the contributor’s repository and testing it. If the tests do not pass (either locally or in Travis), if the patch is incomplete or otherwise does not respect the above guidelines, submit a review with “changes requested” with reasoning.


There are three levels of membership in the project, Administrator (also known as “Owner” in GitHub), Maintainer (also known as “Member”), or regular users (everyone with or without a GitHub account). Anyone is welcome to contribute to the project within the guidelines outlined in this document, regardless of their status, and that includes regular users.

Maintainers can:

  • do everything regular users can

  • review, push and merge pull requests

  • edit and close issues

Administrators can:

  • do everything maintainers can

  • add new maintainers

  • promote maintainers to administrators

Regular users can be promoted to maintainers if they contribute to the project, either by participating in issues, documentation or pull requests.

Maintainers can be promoted to administrators when they have given significant contributions for a sustained timeframe, by consensus of the current administrators. This process should be open and decided as any other issue.

Maintainers can be demoted by administrators and administrators can be demoted by the other administrators’ consensus. Unresponsive maintainers or administrators can be removed after a month unless they specifically announced a leave.