curl/curl
How to contribute
Active contributors: Daniel Stenberg, Viktor Szakats, Stefan Eissing, Jay Satiro, Dan Fandrich
Purpose
This section captures the conventions and processes contributors follow when working on curl. The authoritative document is docs/CONTRIBUTE.md; this wiki summarizes the parts most relevant to getting a change merged.
Where work comes from
| Source | What lives there |
|---|---|
| https://github.com/curl/curl/issues | Open issues, including bug reports and feature requests |
| https://github.com/curl/curl/pulls | All proposed code changes |
docs/TODO.md |
Long-running ideas the maintainer would accept |
docs/KNOWN_BUGS.md |
Open bugs with reproducers |
docs/HELP-US.md |
"Good first issue" pointers |
| https://curl.se/mail/list.cgi?list=curl-library | Library-development mailing list |
#curl on Libera Chat (IRC) |
Real-time discussion |
The project does not use an issue tracker bot. Tagging an issue is a maintainer action.
Definition of done
A change is ready to merge when all of the following hold:
- The code compiles with both Autotools and CMake on Linux, macOS, and Windows (the matrix runs in CI for every PR — see
.github/workflows/). make testpasses locally for at least one TLS backend.make checksrcpasses (style checker,scripts/checksrc.pl).- Documentation under
docs/is updated for any new public option or behaviour change. - A test under
tests/data/test*exercises the new code path (or the contributor explains why this is impractical). - The commit history is clean (one logical change per commit, no merge commits) and the messages explain why.
- The PR has at least one maintainer approval.
The project's "feature window" gates new features (not bugfixes): for ~10 days after a release the window is closed and only bugfixes merge. This is documented in docs/CONTRIBUTE.md.
What's in this section
| Page | What it covers |
|---|---|
| Development workflow | Branch, commit, PR, review, merge |
| Testing | The Perl test harness, unit tests, fuzz, torture mode, CI |
| Debugging | --trace, CURL_DEBUG, memory tracking, lib/curl_trc.c |
| Patterns and conventions | C89, error handling, Curl_* prefix, dynbuf, LL/hash tables, single-file static |
| Tooling | checksrc, managen, mk-ca-bundle, cd2nroff, fuzzers, sanitizers |
Reporting security issues
Do not open a public issue. Send a report via https://curl.se/dev/vuln-disclosure.html. The disclosure policy is detailed in docs/VULN-DISCLOSURE-POLICY.md. Curl runs a bug bounty (docs/BUG-BOUNTY.md) administered through HackerOne.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.