| Hugo McNally | f6298b3 | 2023-02-12 14:47:22 +0000 | [diff] [blame] | 1 | # Contributing to OpenTitan |
| Alex Bradbury | e04db85 | 2020-10-15 13:37:16 +0100 | [diff] [blame] | 2 | |
| 3 | Thank you for your interest in contributing to OpenTitan. |
| 4 | This document provides some guidelines to making those contributions. |
| 5 | Important points before getting started: |
| 6 | * We consider honest feedback crucial to quality. |
| 7 | We work hard to thoroughly review changes and provide actionable feedback. |
| 8 | We do this to ensure a high quality open source design. |
| 9 | * Always assume good intent. |
| 10 | Our feedback may be demanding and may even feel disheartening. |
| 11 | Again, this is to support a high quality silicon design, and we definitely appreciate all OpenTitan contributions. |
| 12 | * Please be friendly and patient in your communications. |
| 13 | * All OpenTitan interactions are covered by [lowRISC's code of conduct](https://www.lowrisc.org/code-of-conduct/). |
| 14 | * When communicating, remember OpenTitan is a security-focused project. |
| 15 | Because of this, certain issues may need to be discussed in a small group first. |
| Hugo McNally | 544e7a6 | 2023-02-12 01:12:36 +0000 | [diff] [blame] | 16 | See the [Security Issues Process](#security-issues) described below for more details. |
| Alex Bradbury | e04db85 | 2020-10-15 13:37:16 +0100 | [diff] [blame] | 17 | * OpenTitan involves both hardware and software. |
| 18 | We follow a hybrid approach involving both silicon and software design practices. |
| 19 | * OpenTitan is a work in progress. |
| 20 | We are always looking for ways to improve and welcome feedback on any project matter, technical or not. |
| 21 | |
| 22 | **Important**: Please read the next three, short sections on reporting bugs, reporting security issues, and contributing code in preparation for making your first contribution to OpenTitan. |
| Hugo McNally | aef0a66 | 2023-02-11 19:44:55 +0000 | [diff] [blame] | 23 | If you would like more details, see the [Detailed Contribution Guide](./detailed_contribution_guide/README.md). |
| Alex Bradbury | e04db85 | 2020-10-15 13:37:16 +0100 | [diff] [blame] | 24 | |
| 25 | ## Bug reports |
| 26 | |
| Hugo McNally | 544e7a6 | 2023-02-12 01:12:36 +0000 | [diff] [blame] | 27 | **To report a security issue, please follow the [Security Issues Process](#security-issues)**. |
| Alex Bradbury | e04db85 | 2020-10-15 13:37:16 +0100 | [diff] [blame] | 28 | |
| 29 | Ideally, all designs are bug free. |
| 30 | Realistically, each piece of collateral in our repository is in a different state of maturity with some still under active testing and development. |
| Hugo McNally | aef0a66 | 2023-02-11 19:44:55 +0000 | [diff] [blame] | 31 | See the [Hardware Development Stages](../project_governance/development_stages.md) for an example of how hardware progress is tracked. |
| Alex Bradbury | e04db85 | 2020-10-15 13:37:16 +0100 | [diff] [blame] | 32 | |
| 33 | We are happy to receive bug reports and eager to fix them. |
| 34 | Please make reports by opening a new issue in our [GitHub issue tracker](https://github.com/lowRISC/opentitan/issues). |
| 35 | |
| 36 | ## Security issues |
| 37 | |
| 38 | Security is of major importance to the OpenTitan project. |
| 39 | When dealing with security matters, and in keeping with standard industry practice, there are reasons why it makes sense to be cautious and have a non-public discussion within a small group of experts before full disclosure. |
| 40 | For example, |
| 41 | * to ensure responsible disclosure of vulnerabilities, |
| 42 | * or to discuss the security impact of new features or proposed changes to an existing feature. |
| 43 | |
| 44 | If you believe you have found a security issue or intend to work on potentially security sensitive matters, please first reach out to our experienced security team at security@opentitan.org before starting a public discussion. |
| 45 | That will enable us to engage successfully without creating undue risk to the project or its consumers. |
| 46 | |
| 47 | ## Contributing code |
| 48 | |
| 49 | The information below aims at helping you get involved in the OpenTitan project by guiding you through our process of preparing your contribution and getting it integrated. |
| 50 | |
| 51 | For straight-forward and non-invasive contributions, a high level of coordination is unlikely to be necessary. |
| 52 | In these cases, please open a pull request. |
| 53 | |
| 54 | For larger proposed changes we ask contributors to: |
| 55 | * Discuss the matter with the team, either through the [opentitan-dev@opentitan.org](https://groups.google.com/a/opentitan.org/forum/#!forum/opentitan-dev) mailing list or through discussions in issues on GitHub. |
| 56 | Agree on a course of action and document this in a GitHub issue. |
| 57 | * Implement the contribution, i.e., the solution previously agreed on, and reference the discussion when submitting the contribution. |
| 58 | * Have the implementation reviewed by the team, address any feedback, and finally have it integrated into the project. |
| 59 | |
| 60 | Note that contributions must be accompanied by sign-off text which indicates acceptance of the project's Contributor License Agreement - see [CONTRIBUTING.md](https://github.com/lowRISC/opentitan/blob/master/CONTRIBUTING.md) for details. |
