doc: Move paragraph about signature verification to the top.
* doc/contributing.texi (Submitting Patches): Remind contributors to verify cryptographic signatures at the very beginning.
This commit is contained in:
Ricardo Wurmus
parent
697e341e74
commit
308c08d371
1 changed files with 6 additions and 6 deletions
|
|
@ -308,6 +308,12 @@ Before submitting a patch that adds or modifies a package definition,
|
|||
please run through this check list:
|
||||
|
||||
@enumerate
|
||||
@item
|
||||
If the authors of the packaged software provide a cryptographic
|
||||
signature for the release tarball, make an effort to verify the
|
||||
authenticity of the archive. For a detached GPG signature file this
|
||||
would be done with the @code{gpg --verify} command.
|
||||
|
||||
@item
|
||||
Take some time to provide an adequate synopsis and description for the
|
||||
package. @xref{Synopses and Descriptions}, for some guidelines.
|
||||
|
|
@ -335,12 +341,6 @@ distribution to make transverse changes such as applying security
|
|||
updates for a given software package in a single place and have them
|
||||
affect the whole system---something that bundled copies prevent.
|
||||
|
||||
@item
|
||||
If the authors of the packaged software provide a cryptographic
|
||||
signature for the release tarball, make an effort to verify the
|
||||
authenticity of the archive. For a detached GPG signature file this
|
||||
would be done with the @code{gpg --verify} command.
|
||||
|
||||
@item
|
||||
Take a look at the profile reported by @command{guix size}
|
||||
(@pxref{Invoking guix size}). This will allow you to notice references
|
||||
|
|
|
|||
Reference in a new issue