summary refs log tree commit diff
diff options
context:
space:
mode:
authorRicardo Wurmus <rekado@elephly.net>2017-11-08 17:19:45 +0100
committerRicardo Wurmus <rekado@elephly.net>2017-11-08 17:19:45 +0100
commit308c08d37168c5e47b581e372438c4579ef2a1f7 (patch)
treed160963990695351822d8dce4045d7e9162d8b38
parent697e341e7469eaf93a795d78ded0dd334d722730 (diff)
downloadguix-308c08d37168c5e47b581e372438c4579ef2a1f7.tar.gz
doc: Move paragraph about signature verification to the top.
* doc/contributing.texi (Submitting Patches): Remind contributors to verify
cryptographic signatures at the very beginning.
-rw-r--r--doc/contributing.texi12
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 1b1875fa0c..1dd3ea8e1d 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -309,6 +309,12 @@ please run through this check list:
 
 @enumerate
 @item
+If the authors of the packaged software provide a cryptographic
+signature for the release tarball, make an effort to verify the
+authenticity of the archive.  For a detached GPG signature file this
+would be done with the @code{gpg --verify} command.
+
+@item
 Take some time to provide an adequate synopsis and description for the
 package.  @xref{Synopses and Descriptions}, for some guidelines.
 
@@ -336,12 +342,6 @@ updates for a given software package in a single place and have them
 affect the whole system---something that bundled copies prevent.
 
 @item
-If the authors of the packaged software provide a cryptographic
-signature for the release tarball, make an effort to verify the
-authenticity of the archive.  For a detached GPG signature file this
-would be done with the @code{gpg --verify} command.
-
-@item
 Take a look at the profile reported by @command{guix size}
 (@pxref{Invoking guix size}).  This will allow you to notice references
 to other packages unwillingly retained.  It may also help determine