From e5bfb48f8d2bf7ae31aa2ca6fbc84d70d5b4618c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Fri, 8 Nov 2019 22:01:59 +0100 Subject: [PATCH] contrib: improvements from Marek's suggestions --- developer/general/package-contributions.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/developer/general/package-contributions.md b/developer/general/package-contributions.md index 36f3e929..4339b577 100644 --- a/developer/general/package-contributions.md +++ b/developer/general/package-contributions.md @@ -72,7 +72,13 @@ The review procedure is as follows: If the pull request passes the QCR's review, the QCR pushes a [signed][sig] tag to the HEAD commit stating that it has passed review and fast-forward merges the pull request. If the pull request does not pass the QCR's review, the QCR leaves a comment on the pull request explaining why not, and the QCR may decide to close the pull request. -In all the cases, the first condition to be validated by the QCR's review is to ensure that the current packaging (RPM, DEB, etc.) **will not** hijack any core packages of [QubesOS] and of course, none of [QubesOS-contrib] packages too. +In all the cases, the first condition to be validated by the QCR's review is to ensure that the contribution **will not** hijack any core packages of [QubesOS] and of course, none of the [QubesOS-contrib] packages too. More precisely, particular attention to the whole build pipeline will be made with a specific review of: + - Package dependencies, + - Build scripts, + - RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages), + - Makefiles, + +and any steps which would result in partial/total compromission of legetimate components. Package Maintainers -------------------
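Review bot: The added lines in the `@@ -72,7 +72,13 @@` hunk contain wording errors that blur what the QCR must check. "legetimate" should be "legitimate", "compromission" should be "compromise", "constraints who would hijack" should be "constraints that would hijack", and "particular attention ... will be made" reads better as "will be paid". The list ends with "Makefiles," followed by a blank line and "and any steps which would result in ...", which Markdown renders as a detached paragraph starting with "and". Make that clause a final list item or fold it into the introductory sentence. Since this is stated as the first condition of the review, it would also help to say what "constraints" covers in the RPM/DEB item, so that two reviewers apply the same check.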