diff --git a/maintainers/README.md b/maintainers/README.md index 4b691277bde7..e12881851925 100644 --- a/maintainers/README.md +++ b/maintainers/README.md @@ -6,93 +6,93 @@ about a package to assign themselves as a maintainer. When a pull request is made against a package, OfBorg will notify the appropriate maintainer(s). -## (Reviewing contributions) +## Reviewing contributions -### Individual maintainer list {#reviewing-contributions-individual-maintainer-list} +### Individual maintainer list -When adding users to `maintainers/maintainer-list.nix`, the following +When adding users to [`maintainer-list.nix`](./maintainer-list.nix), the following checks should be performed: -- If the user has specified a GPG key, verify that the commit is - signed by their key. +- If the user has specified a GPG key, verify that the commit is + signed by their key. - First, validate that the commit adding the maintainer is signed by - the key the maintainer listed. Check out the pull request and - compare its signing key with the listed key in the commit. + First, validate that the commit adding the maintainer is signed by + the key the maintainer listed. Check out the pull request and + compare its signing key with the listed key in the commit. - If the commit is not signed or it is signed by a different user, ask - them to either recommit using that key or to remove their key - information. + If the commit is not signed or it is signed by a different user, ask + them to either recommit using that key or to remove their key + information. - Given a maintainer entry like this: + Given a maintainer entry like this: - ``` nix - { - example = { - email = "user@example.com"; - name = "Example User"; - keys = [{ - fingerprint = "0000 0000 2A70 6423 0AED 3C11 F04F 7A19 AAA6 3AFE"; - }]; - } - }; - ``` + ``` nix + { + example = { + email = "user@example.com"; + name = "Example User"; + keys = [{ + fingerprint = "0000 0000 2A70 6423 0AED 3C11 F04F 7A19 AAA6 3AFE"; + }]; + } + }; + ``` - First receive their key from a keyserver: + First receive their key from a keyserver: - $ gpg --recv-keys 0xF04F7A19AAA63AFE - gpg: key 0xF04F7A19AAA63AFE: public key "Example " imported - gpg: Total number processed: 1 - gpg: imported: 1 + $ gpg --recv-keys 0xF04F7A19AAA63AFE + gpg: key 0xF04F7A19AAA63AFE: public key "Example " imported + gpg: Total number processed: 1 + gpg: imported: 1 - Then check the commit is signed by that key: + Then check the commit is signed by that key: - $ git log --show-signature - commit b87862a4f7d32319b1de428adb6cdbdd3a960153 - gpg: Signature made Wed Mar 12 13:32:24 2003 +0000 - gpg: using RSA key 000000002A7064230AED3C11F04F7A19AAA63AFE - gpg: Good signature from "Example User - Author: Example User - Date: Wed Mar 12 13:32:24 2003 +0000 + $ git log --show-signature + commit b87862a4f7d32319b1de428adb6cdbdd3a960153 + gpg: Signature made Wed Mar 12 13:32:24 2003 +0000 + gpg: using RSA key 000000002A7064230AED3C11F04F7A19AAA63AFE + gpg: Good signature from "Example User + Author: Example User + Date: Wed Mar 12 13:32:24 2003 +0000 - maintainers: adding example + maintainers: adding example - and validate that there is a `Good signature` and the printed key - matches the user's submitted key. + and validate that there is a `Good signature` and the printed key + matches the user's submitted key. - Note: GitHub's "Verified" label does not display the user's full key - fingerprint, and should not be used for validating the key matches. + Note: GitHub's "Verified" label does not display the user's full key + fingerprint, and should not be used for validating the key matches. -- If the user has specified a `github` account name, ensure they have - also specified a `githubId` and verify the two match. +- If the user has specified a `github` account name, ensure they have + also specified a `githubId` and verify the two match. - Maintainer entries that include a `github` field must also include - their `githubId`. People can and do change their GitHub name - frequently, and the ID is used as the official and stable identity - of the maintainer. + Maintainer entries that include a `github` field must also include + their `githubId`. People can and do change their GitHub name + frequently, and the ID is used as the official and stable identity + of the maintainer. - Given a maintainer entry like this: + Given a maintainer entry like this: - ``` nix - { - example = { - email = "user@example.com"; - name = "Example User"; - github = "ghost"; - githubId = 10137; - } - }; - ``` + ``` nix + { + example = { + email = "user@example.com"; + name = "Example User"; + github = "ghost"; + githubId = 10137; + } + }; + ``` - First, make sure that the listed GitHub handle matches the author of - the commit. + First, make sure that the listed GitHub handle matches the author of + the commit. - Then, visit the URL `https://api.github.com/users/ghost` and - validate that the `id` field matches the provided `githubId`. + Then, visit the URL `https://api.github.com/users/ghost` and + validate that the `id` field matches the provided `githubId`. -### Maintainer teams {#reviewing-contributions-maintainer-teams} +### Maintainer teams -Feel free to create a new maintainer team in `maintainers/team-list.nix` +Feel free to create a new maintainer team in [`team-list.nix`](./team-list.nix) when a group is collectively responsible for a collection of packages. Use taste and personal judgement when deciding if a team is warranted.