Open-Source Wikis

/

curl

/

How to contribute

curl/curl

How to contribute

Active contributors: Daniel Stenberg, Viktor Szakats, Stefan Eissing, Jay Satiro, Dan Fandrich

Purpose

This section captures the conventions and processes contributors follow when working on curl. The authoritative document is docs/CONTRIBUTE.md; this wiki summarizes the parts most relevant to getting a change merged.

Where work comes from

Source What lives there
https://github.com/curl/curl/issues Open issues, including bug reports and feature requests
https://github.com/curl/curl/pulls All proposed code changes
docs/TODO.md Long-running ideas the maintainer would accept
docs/KNOWN_BUGS.md Open bugs with reproducers
docs/HELP-US.md "Good first issue" pointers
https://curl.se/mail/list.cgi?list=curl-library Library-development mailing list
#curl on Libera Chat (IRC) Real-time discussion

The project does not use an issue tracker bot. Tagging an issue is a maintainer action.

Definition of done

A change is ready to merge when all of the following hold:

  1. The code compiles with both Autotools and CMake on Linux, macOS, and Windows (the matrix runs in CI for every PR — see .github/workflows/).
  2. make test passes locally for at least one TLS backend.
  3. make checksrc passes (style checker, scripts/checksrc.pl).
  4. Documentation under docs/ is updated for any new public option or behaviour change.
  5. A test under tests/data/test* exercises the new code path (or the contributor explains why this is impractical).
  6. The commit history is clean (one logical change per commit, no merge commits) and the messages explain why.
  7. The PR has at least one maintainer approval.

The project's "feature window" gates new features (not bugfixes): for ~10 days after a release the window is closed and only bugfixes merge. This is documented in docs/CONTRIBUTE.md.

What's in this section

Page What it covers
Development workflow Branch, commit, PR, review, merge
Testing The Perl test harness, unit tests, fuzz, torture mode, CI
Debugging --trace, CURL_DEBUG, memory tracking, lib/curl_trc.c
Patterns and conventions C89, error handling, Curl_* prefix, dynbuf, LL/hash tables, single-file static
Tooling checksrc, managen, mk-ca-bundle, cd2nroff, fuzzers, sanitizers

Reporting security issues

Do not open a public issue. Send a report via https://curl.se/dev/vuln-disclosure.html. The disclosure policy is detailed in docs/VULN-DISCLOSURE-POLICY.md. Curl runs a bug bounty (docs/BUG-BOUNTY.md) administered through HackerOne.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

How to contribute – curl wiki | Factory