From aef7689a469c2a521897b18bb57b282df70314d4 Mon Sep 17 00:00:00 2001 From: Benjamin Elder Date: Wed, 13 Feb 2019 10:40:37 -0800 Subject: add some more details to reviewing godeps --- contributors/devel/sig-architecture/godep.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/contributors/devel/sig-architecture/godep.md b/contributors/devel/sig-architecture/godep.md index 4b10a7d5..fc748b10 100644 --- a/contributors/devel/sig-architecture/godep.md +++ b/contributors/devel/sig-architecture/godep.md @@ -244,6 +244,16 @@ When importing a new dependency, be sure to keep an eye out for the following: - Does the dependency have a license that is compatible with the Kubernetes project? +Additionally: +- Look at the godeps file. Check that the only changes are what the PR claims + them to be. +- Check if there is a tagged release we can vendor instead of a random hash +- Scan the imported code for things like init() functions +- Look at the Kubernetes code changes and make sure they are appropriate + (e.g. renaming imports or similar). You do not need to do feature code review. +- If this is all good, approve, but don't LGTM, unless you also do code review + or unless it is trivial (e.g. moving from k/k/pkg/utils -> k/utils). + All new dependency licenses should be reviewed by either Tim Hockin (@thockin) or the Steering Committee (@kubernetes/steering-committee) to ensure that they are compatible with the Kubernetes project license. It is also important to note -- cgit v1.2.3
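Review bot: the added bullet "Scan the imported code for things like init() functions" tells the reviewer what to look for but not why or what to do on finding one. Go runs a package's init() automatically at import time, so vendored code with an init() executes without any Kubernetes caller invoking it; consider wording such as "Scan the imported code for init() functions and other import-time side effects, and ask the PR author to justify any that are found." In the same list, "Check if there is a tagged release we can vendor instead of a random hash" is missing the trailing period its sibling bullets have, and does not say what is acceptable when no tagged release exists; stating that the PR should then explain why that particular commit was chosen would close the gap. A blank line between "Additionally:" and the first "- " item would also keep Markdown renderers that require one from folding the list into the preceding paragraph.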