From dc7aff446ae096c5ac6bb2cff658fb0cacf87f3d Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 30 Jan 2015 14:28:39 -0600
Subject: [PATCH] Fix up README.md and CONTRIBUTING.md

* Specifically disclaim scripts
* Prefer end note links
* Pre-fill the issue submission form (check it out:
  http://r-7.co/MSF-BUGSv1 )
---
 CONTRIBUTING.md | 79 ++++++++++++++++++++++++++++++++-----------------
 README.md       |  3 ++
 2 files changed, 55 insertions(+), 27 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 423fa6c5cc..1b8e17178a 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,9 +3,7 @@
 Thanks for your interest in making Metasploit -- and therefore, the
 world -- a better place!
 
-Are you about to report a bug? Sorry to hear it.
-
-Here's our [Issue tracker](https://github.com/rapid7/metasploit-framework/issues).
+Are you about to report a bug? Sorry to hear it. Here's our [Issue tracker].
 Please try to be as specific as you can about your problem, include steps
 to reproduce (cut and paste from your console output if it's helpful), and
 what you were expecting to happen.
@@ -13,7 +11,7 @@ what you were expecting to happen.
 Are you about to report a security vulnerability in Metasploit itself?
 How ironic! Please take a look at Rapid7's [Vulnerability
 Disclosure Policy](https://www.rapid7.com/disclosure.jsp), and send
-your report to security@rapid7.com using [our PGP key](http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D).
+your report to security@rapid7.com using our [PGP key].
 
 Are you about to contribute some new functionality, a bug fix, or a new
 Metasploit module? If so, read on...
@@ -27,50 +25,55 @@ make it into Metasploit's master branch.
 If you care not to follow these rules, your contribution **will** be
 closed (*Road House* style). Sorry!
 
-This is intended to be a **short** list. The
-[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more
+This is intended to be a **short** list. The [wiki] is much more
 exhaustive and reveals many mysteries. If you read nothing else, take a
-look at the standard [development environment setup
-guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment)
-and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes).
+look at the standard [development environment setup] guide,
+and Metasploit's [Common Coding Mistakes].
 
 ## Code Contributions
 
-* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
-* **Do** get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
-* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
-* **Don't** use the default merge messages when merging from other
-   branches.
-* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
+* **Do** stick to the [Ruby style guide].
+* **Do** get [Rubocop] relatively quiet against the code you are adding or modifying.
+* **Do** follow the [50/72 rule] for Git commit messages.
+* **Don't** use the default merge messages when merging from other branches.
+* **Do** create a [topic branch] to work on instead of working directly on `master`.
 
 ### Pull Requests
 
 * **Do** target your pull request to the **master branch**. Not staging, not develop, not release.
 * **Do** specify a descriptive title to make searching for your pull request easier.
-* **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`.
-* **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable.
+* **Do** include [console output], especially for witnessable effects in `msfconsole`.
+* **Do** list [verification steps] so your code is testable.
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.
 
-Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow.
+Pull requests [PR#2940] and [PR#3043] are a couple good examples to follow.
 
 #### New Modules
 
-* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
-* **Do** use the [many module mixin APIs](https://rapid7.github.io/metasploit-framework/api/). Wheel improvements are welcome; wheel reinventions, not so much.
+* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up.
+  - Even better would be to set up `msftidy.rb` as a [pre-commit hook].
+* **Do** use the many module mixin [API]s. Wheel improvements are welcome; wheel reinventions, not so much.
 * **Don't** include more than one module per pull request.
 
+#### Scripts
+
+* **Don't** submit new [scripts].  Scripts are shipped as examples for
+  automating local tasks, and anything "serious" can be done with post
+  modules and local exploits.
+
 #### Library Code
 
-* **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up.
-* **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs.
-* **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code.
+* **Do** write [RSpec] tests - even the smallest change in library land can thoroughly screw things up.
+* **Do** follow [Better Specs] - it's like the style guide for specs.
+* **Do** write [YARD] documentation - this makes it easier for people to use your code.
 * **Don't** fix a lot of things in one pull request. Small fixes are easier to validate.
 
 #### Bug Fixes
 
 * **Do** include reproduction steps in the form of verification steps.
-* **Do** include a link to any corresponding [Issue](https://github.com/rapid7/metasploit-framework/issues) in the format of `See #1234` in your commit description.
+* **Do** include a link to any corresponding [Issues] in the format of
+  `See #1234` in your commit description.
 
 ## Bug Reports
 
@@ -80,9 +83,31 @@ Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940)
 * **Don't** file duplicate reports - search for your bug before filing a new report.
 
 If you need some more guidance, talk to the main body of open
-source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)
-or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers)
-mailing list.
+source contributors over on the [Freenode IRC channel]
+or e-mail us at [metasploit-hackers] mailing list.
 
 Also, **thank you** for taking the few moments to read this far! You're
 already way ahead of the curve, so keep it up!
+
+[Issue Tracker]:http://r-7.co/MSF-BUGv1
+[PGP key]:http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D
+[wiki]:https://github.com/rapid7/metasploit-framework/wiki
+[scripts]: https://github.com/rapid7/metasploit-framework/tree/master/scripts
+[development environment setup]:http://r-7.co/MSF-DEV
+[Common Coding Mistakes]:https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes
+[Ruby style guide]:https://github.com/bbatsov/ruby-style-guide
+[Rubocop]:https://rubygems.org/search?query=rubocop
+[50.72 rule]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[topic branch]:http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches
+[console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
+[verification steps]:https://help.github.com/articles/writing-on-github#task-lists
+[PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
+[PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
+[pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
+[API]:https://rapid7.github.io/metasploit-framework/api/
+[RSpec]:http://rspec.info/
+[Better Specs]:http://betterspecs.org/
+[YARD]:http://yardoc.org/
+[Issues]:https://github.com/rapid7/metasploit-framework/issues
+[Freenode IRC channel]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
+[metasploit-hackers]:https://lists.sourceforge.net/lists/listinfo/metasploit-hackers
diff --git a/README.md b/README.md
index 13567bd69a..7a77732047 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,9 @@ The latest version of this software is available from https://metasploit.com/
 Bug tracking and development information can be found at:
  https://github.com/rapid7/metasploit-framework
 
+New bugs and feature requests should be directed to:
+  http://r-7.co/MSF-BUGv1
+
 API documentation for writing modules can be found at:
   https://rapid7.github.io/metasploit-framework/api