From 35887224c79be021b53a8b0172cecee180d916c9 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Mon, 11 Mar 2024 12:46:25 -0500 Subject: [PATCH] Apply suggestions from code review Co-authored-by: Carol Willing --- developer-workflow/sbom.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/developer-workflow/sbom.rst b/developer-workflow/sbom.rst index 3e1c9e823d..fbbd592ceb 100644 --- a/developer-workflow/sbom.rst +++ b/developer-workflow/sbom.rst @@ -113,8 +113,10 @@ Updating external dependencies (``cpython-source-deps``) .. note:: Only core developers can push to the ``cpython-source-deps`` repository. - Pull requests are not accepted because the sources must be verified for - integrity. Contributors should create an issue requesting the updated + + For this repo to maintain integrity, pull requests from contributors are not accepted. Instead of a pull request, + contributors should + create an issue requesting the updated version and then wait for a core developer to prepare the new version before proceeding with the next steps below. @@ -122,7 +124,7 @@ Dependencies for Windows CPython builds are `stored in a separate repository `_ and then fetched during builds of CPython for Windows in the script :cpy-file:`PCbuild/get_externals.bat`. -In this script the libraries to fetch are designated by ``{name}-{version}`` +In this :cpy-file:`PCbuild/get_externals.bat`, the libraries to fetch are designated by ``{name}-{version}`` Git refs being added to the ``libraries`` variable. SBOM tooling in the CPython repository matches these Git refs in order to build the :cpy-file:`Misc/externals.spdx.json` SBOM file.