From 0b774ed796fc0a3af49b4e714ae91668ba9cde95 Mon Sep 17 00:00:00 2001 From: Christoph Blecker Date: Thu, 15 Feb 2018 16:57:40 -0800 Subject: [PATCH] Add section on reviewing/approving godeps --- contributors/devel/godep.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/contributors/devel/godep.md b/contributors/devel/godep.md index c997a1ca313..36856aa2966 100644 --- a/contributors/devel/godep.md +++ b/contributors/devel/godep.md @@ -187,3 +187,25 @@ paths to coexist in the same git repo. The verifiers, including `hack/verify-godeps.sh` *must* pass for every pull request. + +## Reviewing and approving dependency changes + +Particular attention to detail should be exercised when reviewing and approving +PRs that add/remove/update dependencies. Importing a new dependency should bring +a certain degree of value as there is a maintenance overhead for maintaining +dependencies into the future. + +When importing a new dependency, be sure to keep an eye out for the following: +- Is the dependency maintained? +- Does the dependency bring value to the project? Could this be done without + adding a new dependency? +- Is the target dependency the original source, or a fork? +- Is there already a dependency in the project that does something similar? +- Does the dependency have a license that is compatible with the Kubernetes + project? + +All new dependency licenses should be reviewed by either Tim Hockin (@thockin) +or the Steering Committee (@kubernetes/steering-committee) to ensure that they +are compatible with the Kubernetes project license. It is also important to note +and flag if a license has changed when updating a dependency, so that these can +also be reviewed.
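Review bot: the new "Reviewing and approving dependency changes" checklist asks whether the target is the original source or a fork, but gives the reviewer no concrete way to verify that, and it does not cover the transitive dependencies a new import pulls in, which carry the same maintenance and license burden as the direct one. Suggest asking the submitter to link the upstream repository and the exact commit being vendored so reviewers can confirm the vendored code matches it, and adding a bullet along the lines of "- What additional dependencies does this import bring in, and have their licenses been reviewed too?". For the license approval step, which names Tim Hockin (@thockin) or the Steering Committee as approvers, consider stating where that approval is recorded (for example, a comment on the PR) so it remains traceable after merge, and consider whether naming a single individual is the right long-term arrangement versus a group alias.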