This document covers the project's governance and committer process. The project consists of the in-toto specification and reference implementation.
The project is maintained by the people indicated in MAINTAINERS.txt. A maintainer is expected to (1) submit and review GitHub pull requests and (2) open issues or submit vulnerability reports. A maintainer has the authority to approve or reject pull requests submitted by contributors. The project's Consensus Builder (CB) is Justin Cappos <[email protected], @JustinCappos>.
A contributor can submit GitHub pull requests to the project's repositories. They must follow the project's code of conduct, the Developer Certificate of Origin (DCO) and the code style guidelines, and they must unit test any new software feature or change. Submitted pull requests undergo review and automated testing, including, but not limited to:
- Unit and build testing via Tox on GitHub Actions and AppVeyor
- Static code analysis via Pylint and Bandit
- Checks for Signed-off-by commits via Probot: DCO
- Review by one or more maintainers
See Instructions for Contributors for help.
A contributor to the project who wants to become a maintainer must express that interest. The CB has the authority to add or remove maintainers.
The CB supervises changes in governance.