[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/03: doc: Move paragraph about signature verification to the top.
From: |
Ricardo Wurmus |
Subject: |
01/03: doc: Move paragraph about signature verification to the top. |
Date: |
Wed, 8 Nov 2017 11:35:24 -0500 (EST) |
rekado pushed a commit to branch master
in repository guix.
commit 308c08d37168c5e47b581e372438c4579ef2a1f7
Author: Ricardo Wurmus <address@hidden>
Date: Wed Nov 8 17:19:45 2017 +0100
doc: Move paragraph about signature verification to the top.
* doc/contributing.texi (Submitting Patches): Remind contributors to verify
cryptographic signatures at the very beginning.
---
doc/contributing.texi | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 1b1875f..1dd3ea8 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -309,6 +309,12 @@ please run through this check list:
@enumerate
@item
+If the authors of the packaged software provide a cryptographic
+signature for the release tarball, make an effort to verify the
+authenticity of the archive. For a detached GPG signature file this
+would be done with the @code{gpg --verify} command.
+
address@hidden
Take some time to provide an adequate synopsis and description for the
package. @xref{Synopses and Descriptions}, for some guidelines.
@@ -336,12 +342,6 @@ updates for a given software package in a single place and
have them
affect the whole system---something that bundled copies prevent.
@item
-If the authors of the packaged software provide a cryptographic
-signature for the release tarball, make an effort to verify the
-authenticity of the archive. For a detached GPG signature file this
-would be done with the @code{gpg --verify} command.
-
address@hidden
Take a look at the profile reported by @command{guix size}
(@pxref{Invoking guix size}). This will allow you to notice references
to other packages unwillingly retained. It may also help determine