From 308c08d37168c5e47b581e372438c4579ef2a1f7 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 8 Nov 2017 17:19:45 +0100 Subject: doc: Move paragraph about signature verification to the top. * doc/contributing.texi (Submitting Patches): Remind contributors to verify cryptographic signatures at the very beginning. --- doc/contributing.texi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/contributing.texi b/doc/contributing.texi index 1b1875fa0c..1dd3ea8e1d 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -308,6 +308,12 @@ Before submitting a patch that adds or modifies a package definition, please run through this check list: @enumerate +@item +If the authors of the packaged software provide a cryptographic +signature for the release tarball, make an effort to verify the +authenticity of the archive. For a detached GPG signature file this +would be done with the @code{gpg --verify} command. + @item Take some time to provide an adequate synopsis and description for the package. @xref{Synopses and Descriptions}, for some guidelines. @@ -335,12 +341,6 @@ distribution to make transverse changes such as applying security updates for a given software package in a single place and have them affect the whole system---something that bundled copies prevent. -@item -If the authors of the packaged software provide a cryptographic -signature for the release tarball, make an effort to verify the -authenticity of the archive. For a detached GPG signature file this -would be done with the @code{gpg --verify} command. - @item Take a look at the profile reported by @command{guix size} (@pxref{Invoking guix size}). This will allow you to notice references -- cgit v1.2.3