1 files changed, 17 insertions, 1 deletions

diff --git a/docs/contributing.rst b/docs/contributing.rst
index 8e32c368..184ba214 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -60,6 +60,12 @@ always indistinguishable. As a result ``cryptography`` has, as a design
 philosophy: "make it hard to do insecure things". Here are a few strategies for
 API design which should be both followed, and should inspire other API choices:
 
+If it is necessary to compare a user provided value with a computed value (for
+example, verifying a signature), there should be an API provided which performs
+the verification in a secure way (for example, using a constant time
+comparison), rather than requiring the user to perform the comparison
+themselves.
+
 If it is incorrect to ignore the result of a method, it should raise an
 exception, and not return a boolean ``True``/``False`` flag. For example, a
 method to verify a signature should raise ``InvalidSignature``, and not return
@@ -250,6 +256,16 @@ each supported Python version and run the tests. For example:
 You may not have all the required Python versions installed, in which case you
 will see one or more ``InterpreterNotFound`` errors.
 
+
+Explicit Backend Selection
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+While testing you may want to run tests against a subset of the backends that
+cryptography supports. Explicit backend selection can be done via the
+``--backend`` flag. This flag should be passed to ``py.test`` with a comma
+delimited list of backend names. To use it with ``tox`` you must pass it as
+``tox -- --backend=openssl``.
+
 Building Documentation
 ~~~~~~~~~~~~~~~~~~~~~~
 
@@ -277,5 +293,5 @@ The HTML documentation index can now be found at
 .. _`tox`: https://pypi.python.org/pypi/tox
 .. _`virtualenv`: https://pypi.python.org/pypi/virtualenv
 .. _`pip`: https://pypi.python.org/pypi/pip
-.. _`sphinx`: https://pypi.python.org/pypi/sphinx
+.. _`sphinx`: https://pypi.python.org/pypi/Sphinx
 .. _`reStructured Text`: http://sphinx-doc.org/rest.html