Contributing

On this page

dembrane is built in the open, and contributions are welcome. Whether you’ve found a bug, written a fix, or want to add a feature, this page explains how to get your change in - and how we keep the project safe and maintainable while doing it.

The guiding principle is the same one behind the product: PEOPLE KNOW HOW. The people using dembrane and reading its code often see things the maintainers don’t. We’d rather hear from you than not.

Important

The authoritative process lives in the repository's CONTRIBUTING file and LICENSE. This page summarises them; if anything here and those files disagree, the files win. Read licensing before you contribute, because your contributions are licensed under the project’s terms.

Before you start

What gets prioritised

Security and privacy pull requests are prioritised. dembrane handles people’s spoken words

Pull-request requirements

A PR is much more likely to be merged quickly if it arrives complete:

Keep PRs focused - one logical change per PR is far easier to review than a sprawling one.

The Contributor Licence Agreement (CLA)

dembrane requires a CLA. By contributing, you grant Dembrane B.V. a perpetual licence over your contributions. This is what lets the project ship your code under both the open BSL 1.1 licence and the commercial licence (and re-licence to GPLv3 on each release’s Change Date, as described in licensing). You’ll be prompted to accept the CLA as part of the contribution process; we can’t merge contributions without it.

Code of conduct

dembrane has a code of conduct, and it applies everywhere the community gathers - issues, pull requests, and the Slack. The short version: be decent, be respectful, assume good faith, and make space for people who are new. The full text is in the repository.

Reporting a security issue

Warning

Do not open a public issue or PR for a security vulnerability. Disclosing it publicly before it’s fixed puts every dembrane user at risk.

Report security issues privately to sameer@dembrane.com. Include enough detail to reproduce, and give us a reasonable window to fix and ship before any public disclosure. Security and privacy fixes are prioritised, as noted above.

Community Slack

There’s a community Slack for questions, discussion, and help getting set up - a good place to float an idea before you write code, or to ask why something works the way it does. The invite link is in the project configuration (and surfaced in the dashboard); the maintainers and other contributors hang out there.

Where to dig deeper

If you’re going to work on the codebase in earnest, the internal developer guides are written for exactly that:

Related

Comments