jeanouii commented on code in PR #1691:
URL: https://github.com/apache/activemq/pull/1691#discussion_r2832164653


##########
CONTRIBUTING.md:
##########
@@ -0,0 +1,62 @@
+# Contributing Guidelines
+
+*Pull requests, bug reports, and all other forms of contribution are welcomed 
and highly encouraged!*
+
+### Contents
+
+- [Code of Conduct](#code-of-conduct)
+- [Asking Questions](#bulb-asking-questions)
+- [Opening an Issue](#inbox_tray-opening-an-issue)
+- [Feature Requests](#love_letter-feature-requests)
+- [Triaging Issues](#mag-triaging-issues)
+- [Code Contributions](#code-contributions)
+- [Credits](#pray-credits)
+
+> **This guide serves to set clear expectations for everyone involved with the 
project so that we can improve it together while also creating a welcoming 
space for everyone to participate. Following these guidelines will help ensure 
a positive experience for contributors and maintainers.**
+
+## Code of Conduct
+
+Please review the Apache [Code of 
Conduct](https://www.apache.org/foundation/policies/conduct). It is in effect 
at all times. We expect it to be honored by everyone who contributes to this 
project. 
+
+## Asking Questions
+
+## Opening an Issue
+
+### Reporting Security Issues
+
+Review our Apache [Security Policy](https://www.apache.org/security/). **Do 
not** file a public issue for security vulnerabilities.
+
+### Bug Reports and Other Issues
+
+## Feature Requests
+
+## Triaging Issues
+
+## Code Contributions
+
+### Submitting Pull Requests
+
+### Writing Commit Messages
+
+### Pull Request Review
+
+### Coding Style
+
+### Certification of origin
+
+1. Apache ActiveMQ committers should sign all commits using an SSH key tied to 
their apache.org email address
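
Review bot: The Contents links at the top of the hunk use emoji-prefixed anchors (`#bulb-asking-questions`, `#inbox_tray-opening-an-issue`, `#love_letter-feature-requests`, `#mag-triaging-issues`, `#pray-credits`), but the headings added below are plain (`## Asking Questions`, `## Opening an Issue`, `## Feature Requests`, `## Triaging Issues`), so GitHub will generate `#asking-questions` and so on, and those links will not resolve. Either drop the emoji prefixes from the anchors or add the matching emoji to the headings. Separately, item 1 under "Certification of origin" names only an SSH key and does not say whether GPG-signed commits are acceptable. State the accepted signature types explicitly so committers know which key to register.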

Review Comment:
   GPG keys are used for artifact signing. GitHub fully supports it for code 
signing as well.
   If you want to use SSH for authentication that's OK, but you need 2 keys 
then.
   Same applies if you use an SSH key for code signing, as you need a GPG 
key for artifact signing anyway.
   
   So in the end I don't see any benefit of using one over the other. That's 
why I suggested mentioning both.
   The 'one key' argument only holds outside the ASF context. For Apache 
committers, GPG is already a prerequisite, making it the more natural choice 
for commit signing.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
