mirror of
https://github.com/xroche/httrack.git
synced 2026-06-28 04:57:49 +03:00
httrack had no community-health files. Add a short CONTRIBUTING (PR/style basics, security-sensitivity, an outcome-only AI-assistance policy), the Contributor Covenant 2.1 as CODE_OF_CONDUCT, and a SECURITY policy with a verified-reproduction bar for AI-assisted reports. Require a Signed-off-by (DCO) on every commit and enforce it in CI via a new pull_request-only job.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Xavier Roche <roche@httrack.com>
Contributing to HTTrack
HTTrack is small and old. Keep changes easy to review and safe to merge.
Pull requests
- One change per PR. Small diffs merge fast.
- PRs are squash-merged: the title and description become the commit message, so explain why.
- Add or update tests for engine changes (tests/), and keep CI green.
Style
- C, matching nearby code. Format only the lines you change (git clang-format against the repo .clang-format). Never reformat untouched code.
- Comment the why, in English.
- HTTrack parses hostile input off the network. Check bounds, avoid unchecked copies, and never let an attacker-controlled length drive arithmetic unchecked.
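An added example of the last rule, not HTTrack code: a length-prefixed field is copied into a fixed buffer with every length compared against the room actually left, so a hostile length can neither wrap the arithmetic nor overrun either buffer. The names buf_append and parse_field and the 2-byte record format are hypothetical, constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an HTTrack function): append len bytes of src to
   the NUL-terminated string in dst, whose total capacity is cap bytes.
   Returns 0 on success, -1 if the data does not fit. */
static int buf_append(char *dst, size_t cap, const char *src, size_t len) {
  const char *end;
  size_t used;

  if (dst == NULL || src == NULL || cap == 0)
    return -1;
  end = memchr(dst, '\0', cap);
  if (end == NULL) /* dst is not terminated inside its own buffer */
    return -1;
  used = (size_t) (end - dst);
  /* Compare len with the room left; "used + len + 1 <= cap" can wrap. */
  if (len > cap - used - 1)
    return -1;
  memcpy(dst + used, src, len);
  dst[used + len] = '\0';
  return 0;
}

/* Constructed record format: 2-byte big-endian length, then the payload.
   Returns the number of bytes consumed, or -1 on malformed input. */
static long parse_field(const unsigned char *in, size_t in_len, char *out,
                        size_t out_cap) {
  size_t len;

  if (in == NULL || out == NULL || out_cap == 0 || in_len < 2)
    return -1;
  len = ((size_t) in[0] << 8) | in[1];
  if (len > in_len - 2) /* claimed length exceeds what was received */
    return -1;
  out[0] = '\0';
  if (buf_append(out, out_cap, (const char *) (in + 2), len) != 0)
    return -1;
  return (long) (len + 2);
}

int main(void) {
  const unsigned char lying[] = { 0x00, 0x10, 'a', 'b' }; /* constructed */
  char out[8];
  printf("%ld\n", parse_field(lying, sizeof lying, out, sizeof out));
  return 0;
}
```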
Sign your work
Every commit needs a Signed-off-by line, the
DCO: git commit -s. CI rejects unsigned
commits; fix a branch with git rebase --signoff master.
AI assistants
Welcome, and nothing to disclose. Two rules:
- Own every line as if you wrote it. Can't explain it in review? Not ready.
- Don't push your work onto reviewers. A raw generated patch a maintainer has to vet from scratch will be closed.
The sign-off covers AI-assisted code too.
Bugs
Open an issue with the version, OS, command used, and expected vs actual result. For security issues see SECURITY.md, not a public issue.