kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add section on reviewing/approving godeps

This commit is contained in:
Christoph Blecker 2018-02-15 16:57:40 -08:00
parent 9c26a6ed07
commit 0b774ed796
No known key found for this signature in database
GPG Key ID: B34A59A9D39F838B
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
contributors/devel/godep.md
View File

@ -187,3 +187,25 @@ paths to coexist in the same git repo.
The verifiers, including `hack/verify-godeps.sh` *must* pass for every pull The verifiers, including `hack/verify-godeps.sh` *must* pass for every pull
request. request.
## Reviewing and approving dependency changes
Particular attention to detail should be exercised when reviewing and approving
PRs that add/remove/update dependencies. Importing a new dependency should bring
a certain degree of value as there is a maintenance overhead for maintaining
dependencies into the future.
When importing a new dependency, be sure to keep an eye out for the following:
- Is the dependency maintained?
- Does the dependency bring value to the project? Could this be done without
adding a new dependency?
- Is the target dependency the original source, or a fork?
- Is there already a dependency in the project that does something similar?
- Does the dependency have a license that is compatible with the Kubernetes
project?
All new dependency licenses should be reviewed by either Tim Hockin (@thockin)
or the Steering Committee (@kubernetes/steering-committee) to ensure that they
are compatible with the Kubernetes project license. It is also important to note
and flag if a license has changed when updating a dependency, so that these can
also be reviewed.