uploading.html 4.3 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
	<title>Uploading to testing-security</title>
	<link type="text/css" rel="stylesheet" href="style.css">
	<link rel="shortcut icon" href="http://www.debian.org/favicon.ico">
	</head>
	<body>
	<div align="center">
	<a href="http://www.debian.org/">

     <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a>
	<a href="http://www.debian.org/">
     <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a>
	</div>
	<br />
	<table class="reddy" width="100%">
	<tr>
	<td class="reddy">
    <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0"
     alt="" width="15" height="16"></td>

	<td rowspan="2" class="reddy">Debian testing security team</td>
	<td class="reddy">
    <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0"
     alt="" width="16" height="16"></td>
	</tr>
	<tr>
	<td class="reddy">
    <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0"
     alt="" width="16" height="16"></td>
	<td class="reddy">

    <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0"
     alt="" width="15" height="16"></td>
	</tr>
	</table>

	<p>
	To upload a package to the secure-testing repository, any Debian
	developer may follow this checklist:
	<ol>
42
		<h2>Preparing the package</h2>
43
		<li><a href="index.html#contact">Contact</a> the team first to avoid duplicate work.</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
44
		
45 46 47 48 49 50
		<li>Only upload changes that have already been made in
		unstable and are blocked by reaching testing by some other
		issues. This is both to keep things in sync once the
		new version from unstable reaches testing, and to avoid
		breaking secure-testing too badly with fixes that have not
		been tested first in unstable.</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
51
		
52 53 54
		<li>If the orig.tar.gz is already on security.debian.org
		(either in stable-security or in testing-security) 
		don't include it in the upload. If in doubt, ask the team.</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
55
		
56 57 58 59
		<li>Use a version number that is less than the version
		number of the fix in unstable, but greater than the version
		number of the fix in testing (including a possible +b1 for binNMUs).
		For example, if the fix is in a new upstream version 1.0-1 in unstable,
60
		upload version 1.0-1~wheezy1 to testing-security. If the current version
61
		in testing is 1.2-3 and the fix is backported to this version, upload
62
		version 1.2-3+wheezy1 to testing-security. Make sure
63 64
		that the version you used has <strong>never</strong>
		been used before in any release.</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
65
		
66
		<li>Use <em>CODENAME-security</em> as the distribution in the
67
		changelog (e.g. wheezy-security).</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
68
		
69
		<li>Build the package in a testing chroot using pbuilder
70
		so that all the dependencies are ok. <strong>Be sure to build with
71
		the -sa switch to include source, unless the source is
72
		already in the testing-security archive.</strong></li>
Stefan Fritsch's avatar
Stefan Fritsch committed
73
		
74 75 76
		<li>Test the package. Diff the package against the version
		in testing (if backporting fixes). Use debdiff on both
		source and binary packages.</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
77
		
78 79
		<li>Sign the package. Any Debian developer in the keyring
		can do so.</li>
Stefan Fritsch's avatar
Stefan Fritsch committed
80
		
81
		<li>Upload to <tt>security-master.debian.org</tt>.
82
		<h2>Public security issues</h2>
83 84
		For security issues that are already <strong>public</strong>
		use the <em>security-master-unembargoed</em> dput target.
85
		<h2>Embargoed security issues</h2>
86 87
		To upload fixed packages for embargoed (non-public) security
		issues use the <em>security-master</em> dput target.
88 89 90 91
		</li>
	</ol>


Stefan Fritsch's avatar
Stefan Fritsch committed
92
	<p>Information about releasing the packages can be found in the
93
	<a href="http://anonscm.debian.org/viewvc/secure-testing/doc/how-to-DTSA?view=co">howto-DTSA
Stefan Fritsch's avatar
Stefan Fritsch committed
94 95
	file</a> in the SVN repository.
	
96

97
<hr><p>$Id: uploading.html 6493 2007-09-04 11:06:04Z nion $</p>
98 99 100 101 102 103 104 105
<a href="http://validator.w3.org/check?uri=referer">
    <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
	<a href="http://jigsaw.w3.org/css-validator/check/referer">
    <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"
     height="31" width="88"></a>

    
</body></html>