EJBCA - Open Source PKI Certificate Authority
Search ejbca.org for:
PrimeKey Support, Development and Maintenance services

Contributions

EJBCA is an open source project and appreciates community contributions:

  • Contribute code - we love patches! If you have a new feature or bug-fix, this is the absolute fastest way get it implemented.
    A well written feature or bug-fix with proper JUnit tests have a very high probability of living on, thus removing the maintenance burden of patching EJBCA every time you upgrade.
  • Contribute documentation. Documentation can always be improved.
  • Contribute translations. Translations can always be improved.
  • Report bugs, suggest new features and improvements. You can do it all through the Bug Database.
  • Join the EJBCA Team!
  • Due to Common Criteria certification we can not be very generous with SVN commit access. We may get SVN access if you prove yourself, have long-term intentions and sign of on our Development Policy.
See contact & support for ways to contact the EJBCA Team.

The EJBCA Wiki have all the information you need to get started developing EJBCA.

Donations

You can donate to EJBCA in a number of ways:

  • By purchasing an Enterprise Support contract. We have ready-made support programs for you. Contact the project admins at contact & support, or see www.primekey.se.
  • By hiring us for integration, or sponsoring development of new features. Contact the project admins at contact & support.
  • Through Donations.

Commit privileges policy

The purpose of the commit privileges policy is to maintain assurance that unauthorized modifications are not being done.

The policy for determining who have commit rights to the repositories are:

  • Only trusted staff or partners who are active in development have commit right to the repository.
  • All persons have previously undergone code review of their work, to ensure they produce good code.
  • After 6 months without repository activity, commit privileges will be withdrawn. To be added again if needed.
  • All commits are monitored in irc-channel, fisheye, release diffs and using a QA review process.

Contributor security policy

EJBCA is a security project, under Common Criteria evaluation. As such a few security policies are needed. In order for any contributor to get source code repository commit access the contributor must agree on some security policies. Contributors with no commit access are not bothered by this policy.

Password usage

Passwords used need to comply with the following requirements:

  • Have 8 or more characters.
  • Include letters, numbers and special characters.

Workstation protection

The user is responsible for protecting the development workstation according to best practices and best effort. This includes, but is not limited to, firewalls, virus and malware protection.

User responsibilities

This policy applies to all users who are given physical and/or logical access to servers.

Once a server account has been assigned, the user is then responsible for ensuring the adherence to all policies and guidelines. Account information must not be shared, distributed or exchanged with anyone other than the person to whom the information was assigned. This includes, but is not limited to, usernames, user IDs, passwords, IP addresses, network diagrams or any other information which may jeopardize the security of the servers. The user is responsible for informing the management within 24 hours if:

  • His account information has been compromised.
  • His computer has been infected by a virus, or other malware.

Copyright © 2001-2011 EJBCA team. All rights reserved.