Breaking schema, scoring, canonicalization, and attestation changes require an RFC.
- Minor doc fixes and examples can land through ordinary pull requests.
- Schema changes require migration notes, test fixtures, and compatibility review.
- Scoring changes require rule ID review and release notes.
- Attestation template changes require privacy review and closed-key-set tests.
- Maintainers approve releases by consensus of active maintainers.
Apache-2.0 inbound and outbound. Contributors retain copyright. No CLA is required.