doc: Move paragraph about signature verification to the top.

* doc/contributing.texi (Submitting Patches): Remind contributors to verify cryptographic signatures at the very beginning.

doc: Move paragraph about signature verification to the top.
308c08d3 · Ricardo Wurmus · 697e341e · 308c08d3
Unverified Commit 308c08d3 authored 7 years ago by Ricardo Wurmus
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -308,6 +308,12 @@ Before submitting a patch that adds or modifies a package definition,
 please run through this check list:

 @enumerate
+@item
+If the authors of the packaged software provide a cryptographic
+signature for the release tarball, make an effort to verify the
+authenticity of the archive.  For a detached GPG signature file this
+would be done with the @code{gpg --verify} command.
+
 @item
 Take some time to provide an adequate synopsis and description for the
 package.  @xref{Synopses and Descriptions}, for some guidelines.
@@ -335,12 +341,6 @@ distribution to make transverse changes such as applying security
 updates for a given software package in a single place and have them
 affect the whole system---something that bundled copies prevent.

-@item
-If the authors of the packaged software provide a cryptographic
-signature for the release tarball, make an effort to verify the
-authenticity of the archive.  For a detached GPG signature file this
-would be done with the @code{gpg --verify} command.
-
 @item
 Take a look at the profile reported by @command{guix size}
 (@pxref{Invoking guix size}).  This will allow you to notice references