Merge pull request #107 from zip-rs/Pr0methean-patch-2
doc: Rewrite pull_request_template.md
Pr0methean authored May 10, 2024
2 parents 1579f7a + 6b0c934 commit 9501817
Showing 1 changed file with 31 additions and 7 deletions.
38 changes: 31 additions & 7 deletions pull_request_template.md
@@ -1,16 +1,38 @@
<!--
We welcome your pull request, but we have some requirements that a lot of PRs don't meet:
We welcome your pull request, but because this crate is downloaded about 1.7 million times per month (see https://crates.io/crates/zip),
and because ZIP file processing has caused security issues in the past (see
https://www.cvedetails.com/vulnerability-search.php?f=1&vendor=&product=zip&cweid=&cvssscoremin=&cvssscoremax=&publishdatestart=&publishdateend=&updatedatestart=&updatedateend=&cisaaddstart=&cisaaddend=&cisaduestart=&cisadueend=&page=1
for the gory details), we have some requirements that help ensure we continuously earn developers' and their clients'
trust. I (@Pr0methean) am an Amazonian, and although I maintain this crate in a personal capacity (except when fellow Amazonians
express new requirements), I still strive to uphold Amazon's Leadership Principles, especially "Earn Trust" (see
https://www.amazon.jobs/content/en/our-workplace/leadership-principles). But I've received a lot of PRs that didn't initially meet
the requirements I derived from that LP.
This crate doesn't filter out "ZIP bombs" because extreme compression ratios and shallow file copies have legitimate uses; but
I expect the tools the crate provides for checking that extraction is safe, such as the `ZipArchive::decompressed_size` method in
https://github.com/zip-rs/zip2/blob/master/src/read.rs, to remain reliably effective. I also expect all the crate's methods to
remain panic-free, so that this crate can be used on servers without creating a denial-of-service vulnerability.
These are our requirements for PRs, in addition to the usual functionality and readability requirements:
- This codebase sometimes changes rapidly. Please rebase your branch before opening a pull request, and
grant @Pr0methean write access to the source branch (so he can fix later conflicts without being subject
grant @Pr0methean write access to the source branch (so I can fix later conflicts without being subject
to the limitations of the web UI) if EITHER of the following apply:
- It has been at least 24 hours since you forked the repo or previously rebased the branch; or
- 5 or more pull requests are already open at https://github.com/zip-rs/zip2/pulls. PRs are merged in the order they become
eligible (reviewed, passing CI tests, and no conflicts with the base branch). @Pr0methean will attempt to fix merge
eligible (reviewed, passing CI tests, and no conflicts with the base branch). I will attempt to fix merge
conflicts, but this is best-effort.
- Please make sure the repo your PR targets is `zip-rs/zip2` and not `zip-rs/zip-old`. The latter
repo is no longer maintained and will be archived once the pre-existing issues are closed.
- Your changes must build against the MSRV (see README.md) AND the latest stable Rust version AND the latest nightly Rust version,
with `--no-default-features` AND with `--all-features` AND with the default features.
- Please make sure your PR's target repo is `zip-rs/zip2` and not `zip-rs/zip-old`. The latter
repo is no longer maintained, and I will archive it after closing the pre-existing issues.
- Your changes must build against the MSRV (see README.md) AND the latest stable Rust version AND the latest nightly Rust version.
- PRs must pass all the checks specified in `.github/workflows/ci.yaml`, which include:
- Unit tests, run with `--no-default-features` AND with `--all-features` AND with the default features, each run
against the MSRV (see README.md) AND the latest stable Rust version AND the latest nightly Rust version, on Windows, MacOS
AND Ubuntu (yes, that's a 3-dimensional matrix).
- `cargo clippy --all-targets` and `cargo doc --no-deps` must pass with `--no-default-features` AND with `--all-features`
AND with the default features.
- `cargo fmt --check --all` must pass.
- If the above checks force you to add a new `#[allow]` attribute, please place a comment on the same line or just above it,
explaining what the exception applies to and why it's needed.
- Commit messages and the PR title must conform to [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and start
with one of the types specified by the [Angular convention](https://github.com/angular/angular/blob/22b96b9/CONTRIBUTING.md#type).
- All commits must be signed and display a "Verified" badge; see
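Review bot: the cvedetails link used to motivate the security requirements (the `vulnerability-search.php?...&vendor=&product=zip...` URL) searches for any product named `zip` with the vendor field left blank, so it lists vulnerabilities in unrelated software that happens to share the name rather than a history of issues in this crate or in ZIP parsing; link to the crate's own published advisories or to a few specific ZIP-parsing CVEs instead so the "gory details" claim holds up. Two follow-on points in the same hunk: the intro says every method must remain panic-free so the crate can run on servers without creating a denial-of-service vulnerability, but none of the listed checks (`cargo clippy`, `cargo doc`, `cargo fmt --check`, the unit-test matrix) enforces that, so either add it as an explicit bullet (for example, "new parsing paths must have a test that feeds them malformed input") or drop it from the motivating text; and "grant @Pr0methean write access to the source branch" should say how, since for a PR from a fork that is the "Allow edits by maintainers" checkbox on the PR, not a repository permission. Minor: "MacOS" on the matrix line should read "macOS".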
@@ -28,4 +50,6 @@ We welcome your pull request, but we have some requirements that a lot of PRs do
https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
6. Squash your PR into one commit or run `git commit --amend --no-edit`, because enabling commit signing isn't retroactive
even for unpushed commits.
Thanks in advance for submitting a bug fix or proposed feature that meets these requirements!
-->
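Review bot: `git commit --amend --no-edit` re-signs only the HEAD commit, so the "or" in item 6 is misleading for a branch with more than one commit: only squashing to a single commit (or a rebase that re-signs every commit) produces the "Verified" badge on all commits that the preceding bullet requires; reword as "squash your PR into one commit, then run `git commit --amend --no-edit` so that commit is signed". Also, this item is still numbered `6.` while every requirement above it in the rewritten list is a `-` bullet; change it to a bullet so the list renders consistently.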
