Merge pull request #3254 from BenTheElder/deps-reviews

add some more details to reviewing godeps

1 files changed, 10 insertions, 0 deletions

diff --git a/contributors/devel/sig-architecture/godep.md b/contributors/devel/sig-architecture/godep.md
index 4b10a7d5..fc748b10 100644
--- a/contributors/devel/sig-architecture/godep.md
+++ b/contributors/devel/sig-architecture/godep.md
@@ -244,6 +244,16 @@ When importing a new dependency, be sure to keep an eye out for the following:
 - Does the dependency have a license that is compatible with the Kubernetes
   project?
 
+Additionally:
+- Look at the godeps file. Check that the only changes are what the PR claims
+  them to be. 
+- Check if there is a tagged release we can vendor instead of a random hash
+- Scan the imported code for things like init() functions
+- Look at the Kubernetes code changes and make sure they are appropriate
+  (e.g. renaming imports or similar). You do not need to do feature code review.
+- If this is all good, approve, but don't LGTM, unless you also do code review
+  or unless it is trivial (e.g. moving from k/k/pkg/utils -> k/utils).
+
 All new dependency licenses should be reviewed by either Tim Hockin (@thockin)
 or the Steering Committee (@kubernetes/steering-committee) to ensure that they
 are compatible with the Kubernetes project license. It is also important to note