- The codebase MUST have a public issue tracker that accepts suggestions from anyone.
- The codebase MUST include instructions for how to privately report security issues for responsible disclosure.
- The documentation MUST link to both the public issue tracker and submitted codebase changes, for example in a README file.
- The codebase MUST have communication channels for users and developers, for example email lists.
- The documentation SHOULD include instructions for how to report potentially security-sensitive issues on a closed channel.
- Enables users to fix problems and add features to the shared codebase, leading to better, more reliable and feature-rich software.
- Allows collaborative uptake of shared digital infrastructure.
- Helps users decide to use one codebase over another.
- Guarantee others will reuse the codebase.
- There's a public issue tracker.
- It's possible to participate in a discussion with other users about the software.
- Track policy issues in the codebase, so that a relevant external policy expert can volunteer help.
- Track management issues in the codebase, so that external managers with relevant experience can volunteer help.
- Support your experienced policy makers, developers and designers to keep contributing to the codebase for as long as possible.
- Respond promptly to requests.
- Keep your management informed of the time and resources you require to support other contributors.
- How to inspire exceptional contributions to your open-source project by Joel Hans.
- The benefits of coding in the open by the UK Government Digital Service.
- The security policy by Verdaccio is a really nice example.