Merge branch 'master' into core-updates

author: Mark H Weaver <mhw@netris.org> 2017-06-26 00:00:58 -0400
committer: Mark H Weaver <mhw@netris.org> 2017-06-26 00:00:58 -0400
commit: ed068b960eeedb92823238783779730319b8ba0e (patch)
tree: 36a4de280458d52520b911b2716eb5cea309fd78 /doc/contributing.texi
parent: a9308efec642bfbce480545a22fce848e6212456 (diff)
parent: ffc015bea26f24d862e7e877d907fbe1ab9a9967 (diff)
download: guix-patches-ed068b960eeedb92823238783779730319b8ba0e.tar
guix-patches-ed068b960eeedb92823238783779730319b8ba0e.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 925c584e42..0073f24518 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -334,6 +334,12 @@ updates for a given software package in a single place and have them
 affect the whole system---something that bundled copies prevent.
 
 @item
+If the authors of the packaged software provide a cryptographic
+signature for the release tarball, make an effort to verify the
+authenticity of the archive.  For a detached GPG signature file this
+would be done with the @code{gpg --verify} command.
+
+@item
 Take a look at the profile reported by @command{guix size}
 (@pxref{Invoking guix size}).  This will allow you to notice references
 to other packages unwillingly retained.  It may also help determine
author	Mark H Weaver <mhw@netris.org>	2017-06-26 00:00:58 -0400
committer	Mark H Weaver <mhw@netris.org>	2017-06-26 00:00:58 -0400
commit	ed068b960eeedb92823238783779730319b8ba0e (patch)
tree	36a4de280458d52520b911b2716eb5cea309fd78 /doc/contributing.texi
parent	a9308efec642bfbce480545a22fce848e6212456 (diff)
parent	ffc015bea26f24d862e7e877d907fbe1ab9a9967 (diff)
download	guix-patches-ed068b960eeedb92823238783779730319b8ba0e.tar guix-patches-ed068b960eeedb92823238783779730319b8ba0e.tar.gz