Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'contrib' of https://github.com/fepitre/qubes-doc into fepitre-contrib

Browse Source
This commit is contained in:
Andrew David Wong 2019-11-14 02:57:23 -06:00
commit a64d136eb3
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
developer/general/package-contributions.md
View File

@ -72,6 +72,16 @@ The review procedure is as follows:
If the pull request passes the QCR's review, the QCR pushes a [signed][sig] tag to the HEAD commit stating that it has passed review and fast-forward merges the pull request. If the pull request passes the QCR's review, the QCR pushes a [signed][sig] tag to the HEAD commit stating that it has passed review and fast-forward merges the pull request.
If the pull request does not pass the QCR's review, the QCR leaves a comment on the pull request explaining why not, and the QCR may decide to close the pull request. If the pull request does not pass the QCR's review, the QCR leaves a comment on the pull request explaining why not, and the QCR may decide to close the pull request.
In all the cases, the first condition to be validated by the QCR's review is to ensure that the contribution **will not** hijack any core packages of [QubesOS] and of course, none of the [QubesOS-contrib] packages too. More precisely, particular attention to the whole build pipeline will be made with a specific review of:
- Package dependencies,
- Build scripts (including downloaded ones),
- All downloaded components should be verified against static hash,
- RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages),
- Makefiles,
- Package build [reproducible]
and any steps which would result in partial/total compromise of legitimate components.
Package Maintainers Package Maintainers
------------------- -------------------
If you contribute a package, we assume that you will be the maintainer of that package, unless you tell us otherwise. If you contribute a package, we assume that you will be the maintainer of that package, unless you tell us otherwise.
@ -93,6 +103,7 @@ If you do not act on your maintainer duties for a given package for an extended
[sig]: /doc/code-signing/ [sig]: /doc/code-signing/
[coding guidelines]: /doc/coding-style/ [coding guidelines]: /doc/coding-style/
[qubes-devel mailing list]: /support/#qubes-devel [qubes-devel mailing list]: /support/#qubes-devel
[QubesOS]: https://github.com/QubesOS
[QubesOS-contrib]: https://github.com/QubesOS-contrib [QubesOS-contrib]: https://github.com/QubesOS-contrib
[qubes-issues]: https://github.com/QubesOS/qubes-issues/issues/ [qubes-issues]: https://github.com/QubesOS/qubes-issues/issues/
[reproducible]: https://reproducible-builds.org/