mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-10-01 01:25:40 -04:00
Merge branch 'contrib' of https://github.com/fepitre/qubes-doc into fepitre-contrib
This commit is contained in:
commit
a64d136eb3
@ -72,6 +72,16 @@ The review procedure is as follows:
|
||||
If the pull request passes the QCR's review, the QCR pushes a [signed][sig] tag to the HEAD commit stating that it has passed review and fast-forward merges the pull request.
|
||||
If the pull request does not pass the QCR's review, the QCR leaves a comment on the pull request explaining why not, and the QCR may decide to close the pull request.
|
||||
|
||||
In all the cases, the first condition to be validated by the QCR's review is to ensure that the contribution **will not** hijack any core packages of [QubesOS] and of course, none of the [QubesOS-contrib] packages too. More precisely, particular attention to the whole build pipeline will be made with a specific review of:
|
||||
- Package dependencies,
|
||||
- Build scripts (including downloaded ones),
|
||||
- All downloaded components should be verified against static hash,
|
||||
- RPM/DEB installation scripts (e.g. looking at constraints who would hijack other packages),
|
||||
- Makefiles,
|
||||
- Package build [reproducible]
|
||||
|
||||
and any steps which would result in partial/total compromise of legitimate components.
|
||||
|
||||
Package Maintainers
|
||||
-------------------
|
||||
If you contribute a package, we assume that you will be the maintainer of that package, unless you tell us otherwise.
|
||||
@ -93,6 +103,7 @@ If you do not act on your maintainer duties for a given package for an extended
|
||||
[sig]: /doc/code-signing/
|
||||
[coding guidelines]: /doc/coding-style/
|
||||
[qubes-devel mailing list]: /support/#qubes-devel
|
||||
[QubesOS]: https://github.com/QubesOS
|
||||
[QubesOS-contrib]: https://github.com/QubesOS-contrib
|
||||
[qubes-issues]: https://github.com/QubesOS/qubes-issues/issues/
|
||||
|
||||
[reproducible]: https://reproducible-builds.org/
|
||||
|
Loading…
Reference in New Issue
Block a user