diff options
author | Ricardo Wurmus <rekado@elephly.net> | 2017-11-08 17:19:45 +0100 |
---|---|---|
committer | Ricardo Wurmus <rekado@elephly.net> | 2017-11-08 17:19:45 +0100 |
commit | 308c08d37168c5e47b581e372438c4579ef2a1f7 (patch) | |
tree | d160963990695351822d8dce4045d7e9162d8b38 | |
parent | 697e341e7469eaf93a795d78ded0dd334d722730 (diff) | |
download | guix-308c08d37168c5e47b581e372438c4579ef2a1f7.tar.gz |
doc: Move paragraph about signature verification to the top.
* doc/contributing.texi (Submitting Patches): Remind contributors to verify cryptographic signatures at the very beginning.
-rw-r--r-- | doc/contributing.texi | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/contributing.texi b/doc/contributing.texi index 1b1875fa0c..1dd3ea8e1d 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -309,6 +309,12 @@ please run through this check list: @enumerate @item +If the authors of the packaged software provide a cryptographic +signature for the release tarball, make an effort to verify the +authenticity of the archive. For a detached GPG signature file this +would be done with the @code{gpg --verify} command. + +@item Take some time to provide an adequate synopsis and description for the package. @xref{Synopses and Descriptions}, for some guidelines. @@ -336,12 +342,6 @@ updates for a given software package in a single place and have them affect the whole system---something that bundled copies prevent. @item -If the authors of the packaged software provide a cryptographic -signature for the release tarball, make an effort to verify the -authenticity of the archive. For a detached GPG signature file this -would be done with the @code{gpg --verify} command. - -@item Take a look at the profile reported by @command{guix size} (@pxref{Invoking guix size}). This will allow you to notice references to other packages unwillingly retained. It may also help determine |