tercer
commented
3 years ago SealPIR has a contributing section, that explicitly describes their contributing code of conduct: https://github.com/microsoft/SealPIR
A separate contributing markdown has proven a useful feature of this repo (not crypto, but contributors from a dozen different universities/companies to build community infrastructure): https://gitlab.com/datadrivendiscovery/automl-rpc with https://gitlab.com/datadrivendiscovery/automl-rpc/-/blob/devel/CONTRIBUTING.md
This week we had a meeting to discuss the vetting process for contributing to the OpenDP library. Of particular concern is contribution of new algorithms that would need to be vetted by someone with the appropriate expertise in mathematics and proofs.
We decided to review the contribution guidelines for a few open source projects that we feel are similar in spirit, that also have the need for extended vetting not just of code but of mathematical formulas. Specifically, we had in mind libraries that implement cryptography.
Using a list from Wikipedia as a starting point, I looked at three cryptography libraries I'd heard of and one (Crypto++) that caught my eye.
To summarize my findings:
(If we'd like to review additional libraries, I started a spreadsheet for the ones above.)
In the course of this review, I came across FIPS 140 which is an official form of vetting from the U.S. government for cryptography. I don't believe we are looking for anything this formal.
Like Crypto++, OpenDP should communicate that contributing algorithms will get extra scrutiny. Other projects like OpenSSL don't seem to put emphasis on this point but it doesn't appear to be necessary.