diff --git a/developer/general/package-contributions.md b/developer/general/package-contributions.md index fb4e753b..bc52aae5 100644 --- a/developer/general/package-contributions.md +++ b/developer/general/package-contributions.md @@ -72,6 +72,16 @@ The review procedure is as follows: If the pull request passes the QCR's review, the QCR pushes a [signed][sig] tag to the HEAD commit stating that it has passed review and fast-forward merges the pull request. If the pull request does not pass the QCR's review, the QCR leaves a comment on the pull request explaining why not, and the QCR may decide to close the pull request. +In all the cases, the first condition to be validated by the QCR's review is to ensure that the contribution **will not** hijack any core packages of [QubesOS] and of course, none of the [QubesOS-contrib] packages too. More precisely, particular attention to the whole build pipeline will be made with a specific review of: + - Package dependencies, + - Build scripts (including downloaded ones), + - All downloaded components should be verified against static hash, + - RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages), + - Makefiles, + - Package build [reproducible] + +and any steps which would result in partial/total compromise of legitimate components. + Package Maintainers ------------------- If you contribute a package, we assume that you will be the maintainer of that package, unless you tell us otherwise. @@ -93,6 +103,7 @@ If you do not act on your maintainer duties for a given package for an extended [sig]: /doc/code-signing/ [coding guidelines]: /doc/coding-style/ [qubes-devel mailing list]: /support/#qubes-devel +[QubesOS]: https://github.com/QubesOS [QubesOS-contrib]: https://github.com/QubesOS-contrib [qubes-issues]: https://github.com/QubesOS/qubes-issues/issues/ - +[reproducible]: https://reproducible-builds.org/
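Review bot: in the first hunk, the added review checklist is the right idea but its wording is too vague to act on, and the list is not parallel (five noun items plus one sentence, "All downloaded components should be verified against static hash"). Say what "static hash" means: a cryptographic digest (e.g. SHA-256) pinned in the package's repository and compared before any downloaded script or component is used, rather than a hash fetched alongside the artifact. "RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages)" should name what the reviewer actually inspects: file ownership overlaps, Provides/Conflicts/Obsoletes/Replaces declarations, and %post/postinst/preinst scripts that write outside the package's own paths. Also fix the grammar ("In all the cases" to "In all cases", "and of course, none of the [QubesOS-contrib] packages too" to "or any [QubesOS-contrib] package", "Package build [reproducible]" to "whether the package build is [reproducible]") and fold the dangling fragment "and any steps which would result in partial/total compromise of legitimate components" into the list as a final item so the sentence does not trail off after the bullets.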
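Review bot: in the second hunk, the two new link definitions are needed by the first hunk, but the deletion of the empty line at the end of the reference list is unrelated to this change and may drop the file's trailing newline; keep that line so the diff stays limited to the two added references.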