diff --git a/docs/README.md b/docs/README.md index c31cc27b282bd..bd72287edf75b 100644 --- a/docs/README.md +++ b/docs/README.md @@ -8,6 +8,7 @@ * User documentation + [Contributing to Conan Center Index](../CONTRIBUTING.md) + [Adding Packages to ConanCenter](how_to_add_packages.md) + + [Policy about patching](policy_patching.md) + [Review Process](review_process.md) + [Packaging policy](packaging_policy.md) + [Supported platforms and configurations](supported_platforms_and_configurations.md) diff --git a/docs/policy_patching.md b/docs/policy_patching.md new file mode 100644 index 0000000000000..ff2be2c1fcb56 --- /dev/null +++ b/docs/policy_patching.md @@ -0,0 +1,37 @@ +# Policy about patching + +The main guideline in ConanCenter is to provide already compiled binaries +for a set of architectures in the least surprising way as possible, so Conan +can be plugged into existing projects trying to minimize the modifications +needed. Packages from Conan Center should fulfill the expectations of anyone +reading the changelog of the library, the documentation, or any statement by +the library maintainers. + +**Build system patches.-** In order to add libraries into ConanCenter sometimes +it is necessary to apply patches so they can consume existing packages +for requirements and binaries can be generated. These patches are totally +needed for the purpose of ConanCenter and Conan keeps adding features trying +to minimize these changes. + +**Source patches.-** ConanCenter DOES NOT accept patches **backporting bugfixes or +features** from upcoming releases, they break the principle of minimum surprise, +they change the behavior of the library and it will no longer match the +documentation or the changelog originally delivered by the authors. + +However, ConanCenter DOES accept **working software patches**, these patches +are needed to generate the binaries for architectures not considered by +library maintainers, or to use some compilers or configurations. These patches +make it possible to generate binaries that cannot be generated otherwise, or +they can turn a crashing binary into a working software one (bugs, errors, or +faults are considered working software as long as they produce deterministic +results). + +Patches to sources to add support to newer versions of dependencies are +considered feature patches and they are not allowed either. They can +introduce new behaviors or bugs not considered when delivering the +library by maintainers. If a requirement is known not to work, the recipe +should raise a `ConanInvalidConfiguration` from the `validate()` method. + +**Vulnerability patches.-** Patches published to CVE databases or declared as +vulnerabilities by the authors in non-mainstream libraries will be applied +to packages generated in Conan Center.