justinmclean opened a new pull request, #193:
URL: https://github.com/apache/airflow-steward/pull/193
## Problem
The `pr-management-code-review` skill had no guidance for two categories of
file that carry IP or release-policy risk:
1. **Binary images** — logos, brand assets, or stock illustrations may carry
copyright restrictions but have no machine-readable licence metadata.
Flagging every image would be too noisy; the right behaviour is
judgment-based.
2. **Compiled artifacts** — ASF releases must be source-only. Committed
`.class`, `.jar`, `.so`, `.whl`, etc. risk ending up in a release archive.
There is little legitimate reason to commit them to a source tree.
Neither had any guidance in the skill; both passed through review unchecked.
## Changes
**`.claude/skills/pr-management-code-review/criteria.md`**
Two new framework-level default subsections added under "Quality signals
to check". Both apply regardless of what the adopter's source files say.
*Image IP:* when the diff adds binary image files (`.png`, `.jpg`, `.jpeg`,
`.gif`, `.svg`, `.ico`, `.webp`), the reviewer uses judgment rather than
raising an automatic finding. Contributor-created screenshots and diagrams
are legitimate by default. Logos, brand assets, or professionally produced
illustrations warrant a short comment asking the contributor to confirm
source and licence.
*Compiled artifacts:* when the diff adds any of the following, raise a
`major` finding with standard text directing the contributor to remove the
file and generate it at build time:
- JVM: `.class`, `.jar`, `.war`, `.ear`
- Python: `.pyc`, `.pyo`, `.pyd`
- Native: `.so`, `.dll`, `.dylib`, `.exe`, `.o`, `.a`
- Packages: `.whl`, `.egg`
If the file would be included in a release archive, the reviewer escalates
to `blocking`.
## Testing
**Structural validation**
`tools/skill-validator` run against all SKILL.md files post-change.
Result: 0 violations in pr-management skills.
**Functional dry-run (5 cases)**
1. *`.class` file added* — `major` finding raised, standard removal text. ✓
2. *Non-empty `.jar` added* — `major` finding raised. ✓
3. *`.whl` named as a release artifact* — `major` raised; reviewer escalates
to `blocking`. ✓
4. *Documentation screenshot added* — contributor-created asset, no finding.
✓
5. *Asset named `partner_logo.png`* — looks professionally produced; reviewer
prompted to ask contributor to confirm source and licence. ✓
6. *Clean `.py`-only PR* — no image or compiled extensions; no finding. ✓
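One way to pre-screen a diff mechanically against the extension lists in the PR description above, as an added example (not code from the PR or the airflow-steward project). `RELEASE_PREFIXES`, the function names and the sample listing are assumptions constructed for illustration; image files are only surfaced for reviewer judgment and never given a severity.

```python
import posixpath

# Extension lists copied from the PR description.
COMPILED = {
    "JVM": {".class", ".jar", ".war", ".ear"},
    "Python": {".pyc", ".pyo", ".pyd"},
    "Native": {".so", ".dll", ".dylib", ".exe", ".o", ".a"},
    "Packages": {".whl", ".egg"},
}
IMAGES = {".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".webp"}

# Assumption: files under these prefixes would be included in a release archive.
RELEASE_PREFIXES = ("dist/", "release/")

# Constructed sample in `git diff --name-status` format (tab-separated).
SAMPLE = "\n".join([
    "A\tsrc/app/Main.class",
    "M\tlib/old.jar",                      # modified, not added: out of scope
    "A\tdist/pkg-1.0-py3-none-any.whl",
    "A\tdocs/img/partner_logo.png",
    "A\tsrc/app/main.py",
    "D\tbuild/x.so",
    "C75\tlib/a.jar\tlib/b.JAR",           # copy: last field is the new path
])

def added_paths(name_status):
    """Yield paths the listing marks as newly added (A) or copied (C<score>)."""
    for line in name_status.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and fields[0][:1] in ("A", "C"):
            yield fields[-1]

def screen(name_status, release_prefixes=RELEASE_PREFIXES):
    """Return (path, severity, note) for each added file the criteria cover."""
    findings = []
    for path in added_paths(name_status):
        ext = posixpath.splitext(path)[1].lower()  # final extension, case-insensitive
        family = next((f for f, exts in COMPILED.items() if ext in exts), None)
        if family:
            in_release = path.startswith(tuple(release_prefixes))
            severity = "blocking" if in_release else "major"
            findings.append((path, severity, f"{family} artifact: remove, build at build time"))
        elif ext in IMAGES:
            # No automatic finding for images; the reviewer decides whether to ask.
            findings.append((path, None, "image: reviewer judges source and licence"))
    return findings
```

Matching on the final extension only means a versioned name such as `libfoo.so.1` is not caught; that case is left to the reviewer.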