The Coalition for Secure AI (CoSAI) is an open-source project that is actively seeking contributions from any willing participants. Here are some guidelines for people that would like to contribute to the project.
In general, a CoSAI Contributor is expected to:
- be knowledgeable in one or more fields related to the project
- contribute to the developing and finalizing the workstream deliverables
- be reliable in completing issues to which they have been assigned
- show commitment over time with one or more PRs merged
- follow the project style and testing guidelines
- follow branch, PR, and code style conventions
- contribute in ways that substantially improve the quality of the project and the experience of people who use it
When contributing to any CoSAI repository, please first discuss the change you wish to make via a Github Issue, or in an email to the specific Workstream mailing list.
Please note this project follows the OASIS Participants Code of Conduct; please be respectful of differing opinions when discussing potential contributions.
If you are new to the CoSAI project and are looking for an entry-point to make your first contribution, look at the open issues. Issues that are tagged with good first issues are meant to be small pieces of work that a first-time contributor can pick-up and complete. If you find one that you'd like to work on, please assign yourself or comment on the issue and one of the maintainers can assign it for you.
If you want to create a new issue that doesn't exist already, just open a new one. See here how to do that and follow the guidelines in one of our issue templates.
Follow these steps when submitting a pull request:
- Fork this repo into your GitHub account. Read more about forking a repo on Github here.
- Create a new branch, based on the
mainbranch, with a name that concisely describes what you’re working on. - Ensure that your changes do not cause any existing tests to fail.
- Submit a pull request against the
mainbranch.
- PR will be reviewed by the maintainers and approved by workstream leads or their delegates (maintainers)
- Grammatical errors, punctuation, white spaces? Need PR?
- Responses are due in 3 business days
The workstream maintainers are responsible for reviewing pull requests and issues in a timely manner (3 business days).
Lazy consensus is practiced for all projects and documents, including the main project repository and draft documents using other tools than Github.
Major changes on Github or to a WS document using any other official project platform should be accompanied by a post on the WS mailing list as appropriate. Author(s) of the proposal, Pull Requests, or issues, will give a time period of no less than seven (7) business days for comment and remain cognizant of popular observed world holidays.
main– main development branch, feature and release branches branched from it, changes only through the PR process.feature– feature/this-is-a-new-feature-branchcodebugfix– codebugfix/name-of-the-buglanguagefix- languagefix/fix-detailsrelease– release/1.0.0 - cut from main when ready
After completing work on a feature branch, rebase main before opening a PR. After PR is approved, rebase again to make sure changes from the latest main are picked up before merging the PR.
In the commit message, always continue the sentence "This commit does ...".
Examples of good commit messages: "This commit renames examples folder in the root of the repo to reference-implementations" "This commit bumps dependency packages versions to fix potential security issues".
Anyone can do a pull request and commit. In order for your work to be merged, you will need to sign the iCLA (individual contributor agreement) if you are just contributing for yourself. If you are contributing on behalf of your company, you will also need to to sign the eCLA (entity contributor agreement). Learn more about the CLAs here.
The iCLA is administered by a bot which will comment on your PR and direct you to sign the iCLA if you haven’t previously done so. This happens automatically when people submit a pull request.
Questions or comments about this project's work may be composed as GitHub issues or comments or may be directed to the project's general email list at [email protected]. General questions about OASIS Open Projects may be directed to OASIS staff at [email protected].