Testing usability and the installation process on different platforms is also a valuable contribution. Please report your results back to us developers. Bandwidth is getting cheaper daily, so don't be afraid -- in fact, feel encouraged -- to dump as much detail about the problems you are seeing as possible into your bug reports. Here are some things you definitely should try to include:
What version of ViewVC you are using (if you are using a source snapshot, tell us the date of that snapshot).
What operating system your ViewVC is running on.
What version of Python you are using.
Whether you are running ViewVC standalone, or as a CGI program under a web server (and if so, what web server).
The URL of your ViewVC instantiation, if it is public. Sometimes, letting developers see the problem for themselves can save everyone alot of time.
Unlike its predecessor, CvsWeb, ViewVC is written in Python, so it doesn't suffer from the “unmaintainable code effect” that hits most Perl projects sooner or later:
"[Perl] combines all the worst aspects of C and Lisp: a billion different sublanguages in one monolithic executable. It combines the power of C with the readability of PostScript." -- Jamie Zawinski
Of course, a symphony of insanity can be composed in any language, so we do try to stick to some basic guiding principles. Maintain whatever style is present in the code being modified. New code can use anything sane (which generally means PEP 8). Our only real peeve is if someone writes a function call as: some_func (args) -- that space between the function name and opening parenthesis is Huge Badness.
Otherwise... shrug.
Since ViewVC is used on the Internet, security is a major concern. If you need to pass data from the request into an external program, please don't use os.system() or os.popen(). Please use the module lib/popen.py that is included in the ViewVC distribution instead.
You might also wish to consult the list of previously reported security vulnerabilities to get an idea of what kinds of bugs ViewVC has historically had in this area. That knowledge could just help you to avoid introducing similar problems into future releases.
If you need a new configuration option think carefully, into which section it belongs. Try to keep the content of cgi/viewvc.conf.dist file and the library module lib/config.py in sync.
Because ViewVC is a Web-based application, people will have ViewVC URLs hyperlinked from other sites, embedded in emails, bookmarked in their browsers, etc. It is very important to ensure that those URLs continue to retrieve the information they were intended to retrieve even if ViewVC is upgraded on the hosting server. In other words, as new features require modifications to the ViewVC URL schema, make sure those modifications preserve the existing functionality of all ViewVC URLs.
If a new file or module is added, a new line in the installer program viewvc-install is required.
The library module ezt.py contains a module docstring which describes the directives used in the HTML templates used by ViewVC. The templates themselves can be found in the templates subdirectory. We're currently developing a how-to guide for ViewVC template customization.