1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) 2007 Free Software Foundation, Inc.
9 "Project-Id-Version: PACKAGE VERSION\n"
10 "Report-Msgid-Bugs-To: \n"
11 "POT-Creation-Date: 2008-08-08 11:36-0300\n"
12 "PO-Revision-Date: 2007-07-01 23:15+0000\n"
13 "Last-Translator: <>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: \n"
19 # type: Content of: <chapter><title>
21 msgid "Managing Packages"
22 msgstr "Gestion des paquets"
24 # type: Content of: <chapter><para>
27 "This chapter contains information related to creating, uploading, "
28 "maintaining, and porting packages."
30 "Ce chapitre contient des informations relatives à la création, l'envoi,la "
31 "maintenance et le portage des paquets."
33 # type: Content of: <chapter><section><title>
36 msgstr "Nouveaux paquets"
38 # type: Content of: <chapter><section><para>
41 "If you want to create a new package for the Debian distribution, you should "
42 "first check the <ulink url=\"&url-wnpp;\">Work-Needing and Prospective "
43 "Packages (WNPP)</ulink> list. Checking the WNPP list ensures that no one is "
44 "already working on packaging that software, and that effort is not "
45 "duplicated. Read the <ulink url=\"&url-wnpp;\">WNPP web pages</ulink> for "
49 # type: Content of: <chapter><section><para>
52 "Assuming no one else is already working on your prospective package, you "
53 "must then submit a bug report (<xref linkend=\"submit-bug\"/> ) against the "
54 "pseudo-package <systemitem role=\"package\">wnpp</systemitem> describing "
55 "your plan to create a new package, including, but not limiting yourself to, "
56 "a description of the package, the license of the prospective package, and "
57 "the current URL where it can be downloaded from."
60 # type: Content of: <chapter><section><para>
63 "You should set the subject of the bug to <literal>ITP: <replaceable>foo</"
64 "replaceable> -- <replaceable>short description</replaceable></literal>, "
65 "substituting the name of the new package for <replaceable>foo</"
66 "replaceable>. The severity of the bug report must be set to "
67 "<literal>wishlist</literal>. Please send a copy to &email-debian-devel; by "
68 "using the X-Debbugs-CC header (don't use CC:, because that way the message's "
69 "subject won't indicate the bug number). If you are packaging so many new "
70 "packages (>10) that notifying the mailing list in seperate messages is too "
71 "disruptive, do send a summary after filing the bugs to the debian-devel list "
72 "instead. This will inform the other developers about upcoming packages and "
73 "will allow a review of your description and package name."
76 # type: Content of: <chapter><section><para>
79 "Please include a <literal>Closes: bug#<replaceable>nnnnn</replaceable></"
80 "literal> entry in the changelog of the new package in order for the bug "
81 "report to be automatically closed once the new package is installed in the "
82 "archive (see <xref linkend=\"upload-bugfix\"/> )."
85 # type: Content of: <chapter><section><para>
88 "When closing security bugs include CVE numbers as well as the Closes: "
89 "#nnnnn. This is useful for the security team to track vulnerabilities. If "
90 "an upload is made to fix the bug before the advisory ID is known, it is "
91 "encouraged to modify the historical changelog entry with the next upload. "
92 "Even in this case, please include all available pointers to background "
93 "information in the original changelog entry."
96 # type: Content of: <chapter><section><para>
99 "There are a number of reasons why we ask maintainers to announce their "
103 # type: Content of: <chapter><section><itemizedlist><listitem><para>
106 "It helps the (potentially new) maintainer to tap into the experience of "
107 "people on the list, and lets them know if anyone else is working on it "
111 # type: Content of: <chapter><section><itemizedlist><listitem><para>
114 "It lets other people thinking about working on the package know that there "
115 "already is a volunteer, so efforts may be shared."
118 # type: Content of: <chapter><section><itemizedlist><listitem><para>
121 "It lets the rest of the maintainers know more about the package than the one "
122 "line description and the usual changelog entry ``Initial release'' that gets "
123 "posted to &email-debian-devel-changes;."
126 # type: Content of: <chapter><section><itemizedlist><listitem><para>
129 "It is helpful to the people who live off <literal>unstable</literal> (and "
130 "form our first line of testers). We should encourage these people."
133 # type: Content of: <chapter><section><itemizedlist><listitem><para>
136 "The announcements give maintainers and other interested parties a better "
137 "feel of what is going on, and what is new, in the project."
140 # type: Content of: <chapter><section><para>
143 "Please see <ulink url=\"http://&ftp-master-host;/REJECT-FAQ.html\"></ulink> "
144 "for common rejection reasons for a new package."
147 # type: Content of: <chapter><section><title>
149 msgid "Recording changes in the package"
152 # type: Content of: <chapter><section><para>
155 "Changes that you make to the package need to be recorded in the "
156 "<filename>debian/changelog</filename>. These changes should provide a "
157 "concise description of what was changed, why (if it's in doubt), and note if "
158 "any bugs were closed. They also record when the package was completed. "
159 "This file will be installed in <filename>/usr/share/doc/"
160 "<replaceable>package</replaceable>/changelog.Debian.gz</filename>, or "
161 "<filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.gz</"
162 "filename> for native packages."
165 # type: Content of: <chapter><section><para>
168 "The <filename>debian/changelog</filename> file conforms to a certain "
169 "structure, with a number of different fields. One field of note, the "
170 "<literal>distribution</literal>, is described in <xref linkend=\"distribution"
171 "\"/> . More information about the structure of this file can be found in "
172 "the Debian Policy section titled <filename>debian/changelog</filename>."
175 # type: Content of: <chapter><section><para>
178 "Changelog entries can be used to automatically close Debian bugs when the "
179 "package is installed into the archive. See <xref linkend=\"upload-bugfix\"/"
183 # type: Content of: <chapter><section><para>
186 "It is conventional that the changelog entry of a package that contains a new "
187 "upstream version of the software looks like this:"
190 # type: Content of: <chapter><section><screen>
195 " * new upstream version\n"
198 # type: Content of: <chapter><section><para>
201 "There are tools to help you create entries and finalize the "
202 "<filename>changelog</filename> for release — see <xref linkend=\"devscripts"
203 "\"/> and <xref linkend=\"dpkg-dev-el\"/> ."
206 # type: Content of: <chapter><section><para>
208 msgid "See also <xref linkend=\"bpp-debian-changelog\"/> ."
211 # type: Content of: <chapter><section><title>
213 msgid "Testing the package"
216 # type: Content of: <chapter><section><para>
219 "Before you upload your package, you should do basic testing on it. At a "
220 "minimum, you should try the following activities (you'll need to have an "
221 "older version of the same Debian package around):"
224 # type: Content of: <chapter><section><itemizedlist><listitem><para>
227 "Install the package and make sure the software works, or upgrade the package "
228 "from an older version to your new version if a Debian package for it already "
232 # type: Content of: <chapter><section><itemizedlist><listitem><para>
235 "Run <command>lintian</command> over the package. You can run "
236 "<command>lintian</command> as follows: <literal>lintian -v "
237 "<replaceable>package-version</replaceable>.changes</literal>. This will "
238 "check the source package as well as the binary package. If you don't "
239 "understand the output that <command>lintian</command> generates, try adding "
240 "the <literal>-i</literal> switch, which will cause <command>lintian</"
241 "command> to output a very verbose description of the problem."
244 # type: Content of: <chapter><section><itemizedlist><listitem><para>
247 "Normally, a package should <emphasis>not</emphasis> be uploaded if it causes "
248 "lintian to emit errors (they will start with <literal>E</literal>)."
251 # type: Content of: <chapter><section><itemizedlist><listitem><para>
254 "For more information on <command>lintian</command>, see <xref linkend="
258 # type: Content of: <chapter><section><itemizedlist><listitem><para>
261 "Optionally run <xref linkend=\"debdiff\"/> to analyze changes from an older "
262 "version, if one exists."
265 # type: Content of: <chapter><section><itemizedlist><listitem><para>
268 "Downgrade the package to the previous version (if one exists) — this tests "
269 "the <filename>postrm</filename> and <filename>prerm</filename> scripts."
272 # type: Content of: <chapter><section><itemizedlist><listitem><para>
274 msgid "Remove the package, then reinstall it."
277 # type: Content of: <chapter><section><itemizedlist><listitem><para>
280 "Copy the source package in a different directory and try unpacking it and "
281 "rebuilding it. This tests if the package relies on existing files outside "
282 "of it, or if it relies on permissions being preserved on the files shipped "
283 "inside the .diff.gz file."
286 # type: Content of: <chapter><section><title>
288 msgid "Layout of the source package"
291 # type: Content of: <chapter><section><para>
293 msgid "There are two types of Debian source packages:"
296 # type: Content of: <chapter><section><itemizedlist><listitem><para>
299 "the so-called <literal>native</literal> packages, where there is no "
300 "distinction between the original sources and the patches applied for Debian"
303 # type: Content of: <chapter><section><itemizedlist><listitem><para>
306 "the (more common) packages where there's an original source tarball file "
307 "accompanied by another file that contains the patches applied for Debian"
310 # type: Content of: <chapter><section><para>
313 "For the native packages, the source package includes a Debian source control "
314 "file (<literal>.dsc</literal>) and the source tarball (<literal>.tar.gz</"
315 "literal>). A source package of a non-native package includes a Debian "
316 "source control file, the original source tarball (<literal>.orig.tar.gz</"
317 "literal>) and the Debian patches (<literal>.diff.gz</literal>)."
320 # type: Content of: <chapter><section><para>
323 "Whether a package is native or not is determined when it is built by "
324 "<citerefentry> <refentrytitle>dpkg-buildpackage</refentrytitle> "
325 "<manvolnum>1</manvolnum> </citerefentry>. The rest of this section relates "
326 "only to non-native packages."
329 # type: Content of: <chapter><section><para>
332 "The first time a version is uploaded which corresponds to a particular "
333 "upstream version, the original source tar file should be uploaded and "
334 "included in the <filename>.changes</filename> file. Subsequently, this very "
335 "same tar file should be used to build the new diffs and <filename>.dsc</"
336 "filename> files, and will not need to be re-uploaded."
339 # type: Content of: <chapter><section><para>
342 "By default, <command>dpkg-genchanges</command> and <command>dpkg-"
343 "buildpackage</command> will include the original source tar file if and only "
344 "if the Debian revision part of the source version number is 0 or 1, "
345 "indicating a new upstream version. This behavior may be modified by using "
346 "<literal>-sa</literal> to always include it or <literal>-sd</literal> to "
347 "always leave it out."
350 # type: Content of: <chapter><section><para>
353 "If no original source is included in the upload, the original source tar-"
354 "file used by <command>dpkg-source</command> when constructing the <filename>."
355 "dsc</filename> file and diff to be uploaded <emphasis>must</emphasis> be "
356 "byte-for-byte identical with the one already in the archive."
359 # type: Content of: <chapter><section><para>
362 "Please notice that, in non-native packages, permissions on files that are "
363 "not present in the .orig.tar.gz will not be preserved, as diff does not "
364 "store file permissions in the patch."
367 # type: Content of: <chapter><section><title>
369 msgid "Picking a distribution"
372 # type: Content of: <chapter><section><para>
375 "Each upload needs to specify which distribution the package is intended "
376 "for. The package build process extracts this information from the first "
377 "line of the <filename>debian/changelog</filename> file and places it in the "
378 "<literal>Distribution</literal> field of the <literal>.changes</literal> "
382 # type: Content of: <chapter><section><para>
385 "There are several possible values for this field: <literal>stable</literal>, "
386 "<literal>unstable</literal>, <literal>testing-proposed-updates</literal> and "
387 "<literal>experimental</literal>. Normally, packages are uploaded into "
388 "<literal>unstable</literal>."
391 # type: Content of: <chapter><section><para>
394 "Actually, there are two other possible distributions: <literal>stable-"
395 "security </literal> and <literal>testing-security</literal>, but read <xref "
396 "linkend=\"bug-security\"/> for more information on those."
399 # type: Content of: <chapter><section><para>
402 "It is not possible to upload a package into several distributions at the "
406 # type: Content of: <chapter><section><section><title>
409 "Special case: uploads to the <literal>stable</literal> and "
410 "<literal>oldstable</literal> distributions"
413 # type: Content of: <chapter><section><section><para>
416 "Uploading to <literal>stable</literal> means that the package will "
417 "transfered to the <literal>proposed-updates-new</literal> queue for review "
418 "by the stable release managers, and if approved will be installed in "
419 "<filename>stable-proposed-updates</filename> directory of the Debian "
420 "archive. From there, it will be included in <literal>stable</literal> with "
421 "the next point release."
424 # type: Content of: <chapter><section><section><para>
427 "To ensure that your upload will be accepted, you should discuss the changes "
428 "with the stable release team before you upload. For that, send a mail to the "
429 "&email-debian-release; mailing list, including the patch you want to apply "
430 "to the package version currently in <literal>stable</literal>. Always be "
431 "verbose and detailed in your changelog entries for uploads to the "
432 "<literal>stable</literal> distribution."
435 # type: Content of: <chapter><section><section><para>
438 "Extra care should be taken when uploading to <literal>stable</literal>. "
439 "Basically, a package should only be uploaded to <literal>stable</literal> if "
440 "one of the following happens:"
443 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
445 msgid "a truly critical functionality problem"
448 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
450 msgid "the package becomes uninstallable"
453 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
455 msgid "a released architecture lacks the package"
458 # type: Content of: <chapter><section><section><para>
461 "In the past, uploads to <literal>stable</literal> were used to address "
462 "security problems as well. However, this practice is deprecated, as uploads "
463 "used for Debian security advisories are automatically copied to the "
464 "appropriate <filename>proposed-updates</filename> archive when the advisory "
465 "is released. See <xref linkend=\"bug-security\"/> for detailed information "
466 "on handling security problems. If the security teams deems the problem to be "
467 "too benign to be fixed through a <literal>DSA</literal>, the stable release "
468 "managers are usually willing to include your fix nonetheless in a regular "
469 "upload to <literal>stable</literal>."
472 # type: Content of: <chapter><section><section><para>
475 "Changing anything else in the package that isn't important is discouraged, "
476 "because even trivial fixes can cause bugs later on."
479 # type: Content of: <chapter><section><section><para>
482 "Packages uploaded to <literal>stable</literal> need to be compiled on "
483 "systems running <literal>stable</literal>, so that their dependencies are "
484 "limited to the libraries (and other packages) available in <literal>stable</"
485 "literal>; for example, a package uploaded to <literal>stable</literal> that "
486 "depends on a library package that only exists in <literal>unstable</literal> "
487 "will be rejected. Making changes to dependencies of other packages (by "
488 "messing with <literal>Provides</literal> or <literal>shlibs</literal> "
489 "files), possibly making those other packages uninstallable, is strongly "
493 # type: Content of: <chapter><section><section><para>
496 "Uploads to the <literal>oldstable</literal> distributions are possible as "
497 "long as it hasn't been archived. The same rules as for <literal>stable </"
501 # type: Content of: <chapter><section><section><title>
504 "Special case: uploads to <literal>testing/testing-proposed-updates</literal>"
507 # type: Content of: <chapter><section><section><para>
510 "Please see the information in the <link linkend=\"t-p-u\">testing section</"
514 # type: Content of: <chapter><section><title>
516 msgid "Uploading a package"
519 # type: Content of: <chapter><section><section><title>
521 msgid "Uploading to <literal>ftp-master</literal>"
524 # type: Content of: <chapter><section><section><para>
527 "To upload a package, you should upload the files (including the signed "
528 "changes and dsc-file) with anonymous ftp to <literal>&ftp-master-host;</"
529 "literal> in the directory <ulink url=\"ftp://&ftp-master-host;&upload-queue;"
530 "\">&upload-queue;</ulink>. To get the files processed there, they need to "
531 "be signed with a key in the Debian Developers keyring or the Debian "
532 "Maintainers keyring (see <ulink url=\"&url-wiki-dm;\"></ulink>)."
535 # type: Content of: <chapter><section><section><para>
538 "Please note that you should transfer the changes file last. Otherwise, your "
539 "upload may be rejected because the archive maintenance software will parse "
540 "the changes file and see that not all files have been uploaded."
543 # type: Content of: <chapter><section><section><para>
546 "You may also find the Debian packages <xref linkend=\"dupload\"/> or <xref "
547 "linkend=\"dput\"/> useful when uploading packages. These handy programs "
548 "help automate the process of uploading packages into Debian."
551 # type: Content of: <chapter><section><section><para>
554 "For removing packages, please see the README file in that ftp directory, and "
555 "the Debian package <xref linkend=\"dcut\"/> ."
558 # type: Content of: <chapter><section><section><title>
560 msgid "Delayed uploads"
563 # type: Content of: <chapter><section><section><para>
566 "Delayed uploads are done for the moment via the delayed queue at "
567 "<literal>gluck </literal>. The upload-directory is <literal>gluck:~tfheen/"
568 "DELAYED/[012345678]-day</literal>. 0-day is uploaded multiple times per day "
569 "to <literal>&ftp-master-host;</literal>."
572 # type: Content of: <chapter><section><section><para>
574 msgid "With a fairly recent dput, this section"
577 # type: Content of: <chapter><section><section><screen>
584 "fqdn = gluck.debian.org\n"
585 "incoming = ~tfheen\n"
588 # type: Content of: <chapter><section><section><para>
591 "in <filename>~/.dput.cf</filename> should work fine for uploading to the "
592 "<literal>DELAYED</literal> queue."
595 # type: Content of: <chapter><section><section><para>
598 "<emphasis>Note:</emphasis> Since this upload queue goes to <literal>&ftp-"
599 "master-host;</literal>, the prescription found in <xref linkend=\"upload-ftp-"
600 "master\"/> applies here as well."
603 # type: Content of: <chapter><section><section><title>
605 msgid "Security uploads"
608 # type: Content of: <chapter><section><section><para>
611 "Do <emphasis role=\"strong\">NOT</emphasis> upload a package to the security "
612 "upload queue (<literal>oldstable-security</literal>, <literal>stable-"
613 "security </literal>, etc.) without prior authorization from the security "
614 "team. If the package does not exactly meet the team's requirements, it will "
615 "cause many problems and delays in dealing with the unwanted upload. For "
616 "details, please see section <xref linkend=\"bug-security\"/> ."
619 # type: Content of: <chapter><section><section><title>
621 msgid "Other upload queues"
624 # type: Content of: <chapter><section><section><para>
627 "The scp queues on <literal>&ftp-master-host;</literal>, and <literal> "
628 "security.debian.org</literal> are mostly unusable due to the login "
629 "restrictions on those hosts."
632 # type: Content of: <chapter><section><section><para>
635 "The anonymous queues on ftp.uni-erlangen.de and ftp.uk.debian.org are "
636 "currently down. Work is underway to resurrect them."
639 # type: Content of: <chapter><section><section><para>
642 "The queues on master.debian.org, samosa.debian.org, master.debian.or.jp, and "
643 "ftp.chiark.greenend.org.uk are down permanently, and will not be "
644 "resurrected. The queue in Japan will be replaced with a new queue on hp."
645 "debian.or.jp some day."
648 # type: Content of: <chapter><section><section><title>
650 msgid "Notification that a new package has been installed"
653 # type: Content of: <chapter><section><section><para>
656 "The Debian archive maintainers are responsible for handling package "
657 "uploads. For the most part, uploads are automatically handled on a daily "
658 "basis by the archive maintenance tools, <command>katie</command>. "
659 "Specifically, updates to existing packages to the <literal>unstable</"
660 "literal> distribution are handled automatically. In other cases, notably "
661 "new packages, placing the uploaded package into the distribution is handled "
662 "manually. When uploads are handled manually, the change to the archive may "
663 "take up to a month to occur. Please be patient."
666 # type: Content of: <chapter><section><section><para>
669 "In any case, you will receive an email notification indicating that the "
670 "package has been added to the archive, which also indicates which bugs will "
671 "be closed by the upload. Please examine this notification carefully, "
672 "checking if any bugs you meant to close didn't get triggered."
675 # type: Content of: <chapter><section><section><para>
678 "The installation notification also includes information on what section the "
679 "package was inserted into. If there is a disparity, you will receive a "
680 "separate email notifying you of that. Read on below."
683 # type: Content of: <chapter><section><section><para>
686 "Note that if you upload via queues, the queue daemon software will also send "
687 "you a notification by email."
690 # type: Content of: <chapter><section><title>
692 msgid "Specifying the package section, subsection and priority"
695 # type: Content of: <chapter><section><para>
698 "The <filename>debian/control</filename> file's <literal>Section</literal> "
699 "and <literal>Priority</literal> fields do not actually specify where the "
700 "file will be placed in the archive, nor its priority. In order to retain "
701 "the overall integrity of the archive, it is the archive maintainers who have "
702 "control over these fields. The values in the <filename>debian/control</"
703 "filename> file are actually just hints."
706 # type: Content of: <chapter><section><para>
709 "The archive maintainers keep track of the canonical sections and priorities "
710 "for packages in the <literal>override file</literal>. If there is a "
711 "disparity between the <literal>override file</literal> and the package's "
712 "fields as indicated in <filename>debian/control</filename>, then you will "
713 "receive an email noting the divergence when the package is installed into "
714 "the archive. You can either correct your <filename>debian/control</"
715 "filename> file for your next upload, or else you may wish to make a change "
716 "in the <literal>override file</literal>."
719 # type: Content of: <chapter><section><para>
722 "To alter the actual section that a package is put in, you need to first make "
723 "sure that the <filename>debian/control</filename> file in your package is "
724 "accurate. Next, send an email &email-override; or submit a bug against "
725 "<systemitem role=\"package\">ftp.debian.org</systemitem> requesting that the "
726 "section or priority for your package be changed from the old section or "
727 "priority to the new one. Be sure to explain your reasoning."
730 # type: Content of: <chapter><section><para>
733 "For more information about <literal>override files</literal>, see "
734 "<citerefentry> <refentrytitle>dpkg-scanpackages</refentrytitle> "
735 "<manvolnum>1</manvolnum> </citerefentry> and <ulink url=\"&url-bts-devel;"
736 "#maintincorrect\"></ulink>."
739 # type: Content of: <chapter><section><para>
742 "Note that the <literal>Section</literal> field describes both the section as "
743 "well as the subsection, which are described in <xref linkend=\"archive-"
744 "sections\"/> . If the section is main, it should be omitted. The list of "
745 "allowable subsections can be found in <ulink url=\"&url-debian-policy;ch-"
746 "archive.html#s-subsections\"></ulink>."
749 # type: Content of: <chapter><section><title>
751 msgid "Handling bugs"
754 # type: Content of: <chapter><section><para>
757 "Every developer has to be able to work with the Debian <ulink url=\"&url-bts;"
758 "\">bug tracking system</ulink>. This includes knowing how to file bug "
759 "reports properly (see <xref linkend=\"submit-bug\"/> ), how to update them "
760 "and reorder them, and how to process and close them."
763 # type: Content of: <chapter><section><para>
766 "The bug tracking system's features are described in the <ulink url=\"&url-"
767 "bts-devel;\">BTS documentation for developers</ulink>. This includes "
768 "closing bugs, sending followup messages, assigning severities and tags, "
769 "marking bugs as forwarded, and other issues."
772 # type: Content of: <chapter><section><para>
775 "Operations such as reassigning bugs to other packages, merging separate bug "
776 "reports about the same issue, or reopening bugs when they are prematurely "
777 "closed, are handled using the so-called control mail server. All of the "
778 "commands available on this server are described in the <ulink url=\"&url-bts-"
779 "control;\">BTS control server documentation</ulink>."
782 # type: Content of: <chapter><section><section><title>
784 msgid "Monitoring bugs"
787 # type: Content of: <chapter><section><section><para>
790 "If you want to be a good maintainer, you should periodically check the "
791 "<ulink url=\"&url-bts;\">Debian bug tracking system (BTS)</ulink> for your "
792 "packages. The BTS contains all the open bugs against your packages. You "
793 "can check them by browsing this page: <literal>http://&bugs-host;/"
794 "<replaceable>yourlogin</replaceable>@debian.org</literal>."
797 # type: Content of: <chapter><section><section><para>
800 "Maintainers interact with the BTS via email addresses at <literal>&bugs-host;"
801 "</literal>. Documentation on available commands can be found at <ulink url="
802 "\"&url-bts;\"></ulink>, or, if you have installed the <systemitem role="
803 "\"package\">doc-debian</systemitem> package, you can look at the local files "
807 # type: Content of: <chapter><section><section><para>
810 "Some find it useful to get periodic reports on open bugs. You can add a "
811 "cron job such as the following if you want to get a weekly email outlining "
812 "all the open bugs against your packages:"
815 # type: Content of: <chapter><section><section><screen>
820 "# ask for weekly reports of bugs in my packages\n"
821 "&cron-bug-report;\n"
824 # type: Content of: <chapter><section><section><para>
827 "Replace <replaceable>address</replaceable> with your official Debian "
828 "maintainer address."
831 # type: Content of: <chapter><section><section><title>
833 msgid "Responding to bugs"
836 # type: Content of: <chapter><section><section><para>
839 "When responding to bugs, make sure that any discussion you have about bugs "
840 "is sent both to the original submitter of the bug, and to the bug itself (e."
841 "g., <email>123@&bugs-host;</email>). If you're writing a new mail and you "
842 "don't remember the submitter email address, you can use the <email>123-"
843 "submitter@&bugs-host;</email> email to contact the submitter <emphasis>and</"
844 "emphasis> to record your mail within the bug log (that means you don't need "
845 "to send a copy of the mail to <email>123@&bugs-host;</email>)."
848 # type: Content of: <chapter><section><section><para>
851 "If you get a bug which mentions FTBFS, this means Fails to build from "
852 "source. Porters frequently use this acronym."
855 # type: Content of: <chapter><section><section><para>
858 "Once you've dealt with a bug report (e.g. fixed it), mark it as "
859 "<literal>done</literal> (close it) by sending an explanation message to "
860 "<email>123-done@&bugs-host;</email>. If you're fixing a bug by changing and "
861 "uploading the package, you can automate bug closing as described in <xref "
862 "linkend=\"upload-bugfix\"/> ."
865 # type: Content of: <chapter><section><section><para>
868 "You should <emphasis>never</emphasis> close bugs via the bug server "
869 "<literal>close</literal> command sent to &email-bts-control;. If you do so, "
870 "the original submitter will not receive any information about why the bug "
874 # type: Content of: <chapter><section><section><title>
876 msgid "Bug housekeeping"
879 # type: Content of: <chapter><section><section><para>
882 "As a package maintainer, you will often find bugs in other packages or have "
883 "bugs reported against your packages which are actually bugs in other "
884 "packages. The bug tracking system's features are described in the <ulink "
885 "url=\"&url-bts-devel;\">BTS documentation for Debian developers</ulink>. "
886 "Operations such as reassigning, merging, and tagging bug reports are "
887 "described in the <ulink url=\"&url-bts-control;\">BTS control server "
888 "documentation</ulink>. This section contains some guidelines for managing "
889 "your own bugs, based on the collective Debian developer experience."
892 # type: Content of: <chapter><section><section><para>
895 "Filing bugs for problems that you find in other packages is one of the civic "
896 "obligations of maintainership, see <xref linkend=\"submit-bug\"/> for "
897 "details. However, handling the bugs in your own packages is even more "
901 # type: Content of: <chapter><section><section><para>
903 msgid "Here's a list of steps that you may follow to handle a bug report:"
906 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
909 "Decide whether the report corresponds to a real bug or not. Sometimes users "
910 "are just calling a program in the wrong way because they haven't read the "
911 "documentation. If you diagnose this, just close the bug with enough "
912 "information to let the user correct their problem (give pointers to the good "
913 "documentation and so on). If the same report comes up again and again you "
914 "may ask yourself if the documentation is good enough or if the program "
915 "shouldn't detect its misuse in order to give an informative error message. "
916 "This is an issue that may need to be brought up with the upstream author."
919 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
922 "If the bug submitter disagrees with your decision to close the bug, they may "
923 "reopen it until you find an agreement on how to handle it. If you don't "
924 "find any, you may want to tag the bug <literal>wontfix</literal> to let "
925 "people know that the bug exists but that it won't be corrected. If this "
926 "situation is unacceptable, you (or the submitter) may want to require a "
927 "decision of the technical committee by reassigning the bug to <systemitem "
928 "role=\"package\">tech-ctte</systemitem> (you may use the clone command of "
929 "the BTS if you wish to keep it reported against your package). Before doing "
930 "so, please read the <ulink url=\"&url-tech-ctte;\">recommended procedure</"
934 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
937 "If the bug is real but it's caused by another package, just reassign the bug "
938 "to the right package. If you don't know which package it should be "
939 "reassigned to, you should ask for help on <link linkend=\"irc-channels"
940 "\">IRC</link> or on &email-debian-devel;. Please inform the maintainer(s) "
941 "of the package you reassign the bug to, for example by Cc:ing the message "
942 "that does the reassign to <email>packagename@packages.debian.org</email> and "
943 "explaining your reasons in that mail. Please note that a simple reassignment "
944 "is <emphasis>not</emphasis> e-mailed to the maintainers of the package being "
945 "reassigned to, so they won't know about it until they look at a bug overview "
946 "for their packages."
949 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
952 "If the bug affects the operation of your package, please consider cloning "
953 "the bug and reassigning the clone to the package that really causes the "
954 "behavior. Otherwise, the bug will not be shown in your package's bug list, "
955 "possibly causing users to report the same bug over and over again. You "
956 "should block \"your\" bug with the reassigned, cloned bug to document the "
960 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
963 "Sometimes you also have to adjust the severity of the bug so that it matches "
964 "our definition of the severity. That's because people tend to inflate the "
965 "severity of bugs to make sure their bugs are fixed quickly. Some bugs may "
966 "even be dropped to wishlist severity when the requested change is just "
970 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
973 "If the bug is real but the same problem has already been reported by someone "
974 "else, then the two relevant bug reports should be merged into one using the "
975 "merge command of the BTS. In this way, when the bug is fixed, all of the "
976 "submitters will be informed of this. (Note, however, that emails sent to "
977 "one bug report's submitter won't automatically be sent to the other report's "
978 "submitter.) For more details on the technicalities of the merge command and "
979 "its relative, the unmerge command, see the BTS control server documentation."
982 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
985 "The bug submitter may have forgotten to provide some information, in which "
986 "case you have to ask them for the required information. You may use the "
987 "<literal>moreinfo</literal> tag to mark the bug as such. Moreover if you "
988 "can't reproduce the bug, you tag it <literal>unreproducible</literal>. "
989 "Anyone who can reproduce the bug is then invited to provide more information "
990 "on how to reproduce it. After a few months, if this information has not "
991 "been sent by someone, the bug may be closed."
994 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
997 "If the bug is related to the packaging, you just fix it. If you are not "
998 "able to fix it yourself, then tag the bug as <literal>help</literal>. You "
999 "can also ask for help on &email-debian-devel; or &email-debian-qa;. If it's "
1000 "an upstream problem, you have to forward it to the upstream author. "
1001 "Forwarding a bug is not enough, you have to check at each release if the bug "
1002 "has been fixed or not. If it has, you just close it, otherwise you have to "
1003 "remind the author about it. If you have the required skills you can prepare "
1004 "a patch that fixes the bug and send it to the author at the same time. Make "
1005 "sure to send the patch to the BTS and to tag the bug as <literal>patch</"
1009 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1012 "If you have fixed a bug in your local copy, or if a fix has been committed "
1013 "to the CVS repository, you may tag the bug as <literal>pending</literal> to "
1014 "let people know that the bug is corrected and that it will be closed with "
1015 "the next upload (add the <literal>closes:</literal> in the "
1016 "<filename>changelog</filename>). This is particularly useful if you are "
1017 "several developers working on the same package."
1020 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1023 "Once a corrected package is available in the archive, the bug should be "
1024 "closed indicating the version in which it was fixed. This can be done "
1025 "automatically, read <xref linkend=\"upload-bugfix\"/>."
1028 # type: Content of: <chapter><section><section><title>
1030 msgid "When bugs are closed by new uploads"
1033 # type: Content of: <chapter><section><section><para>
1036 "As bugs and problems are fixed in your packages, it is your responsibility "
1037 "as the package maintainer to close these bugs. However, you should not "
1038 "close a bug until the package which fixes the bug has been accepted into the "
1039 "Debian archive. Therefore, once you get notification that your updated "
1040 "package has been installed into the archive, you can and should close the "
1041 "bug in the BTS. Also, the bug should be closed with the correct version."
1044 # type: Content of: <chapter><section><section><para>
1047 "However, it's possible to avoid having to manually close bugs after the "
1048 "upload — just list the fixed bugs in your <filename>debian/changelog</"
1049 "filename> file, following a certain syntax, and the archive maintenance "
1050 "software will close the bugs for you. For example:"
1053 # type: Content of: <chapter><section><section><screen>
1058 "acme-cannon (3.1415) unstable; urgency=low\n"
1060 " * Frobbed with options (closes: Bug#98339)\n"
1061 " * Added safety to prevent operator dismemberment, closes: bug#98765,\n"
1062 " bug#98713, #98714.\n"
1063 " * Added man page. Closes: #98725.\n"
1066 # type: Content of: <chapter><section><section><para>
1069 "Technically speaking, the following Perl regular expression describes how "
1070 "bug closing changelogs are identified:"
1073 # type: Content of: <chapter><section><section><screen>
1078 " /closes:\\s*(?:bug)?\\#\\s*\\d+(?:,\\s*(?:bug)?\\#\\s*\\d+)*/ig\n"
1081 # type: Content of: <chapter><section><section><para>
1084 "We prefer the <literal>closes: #<replaceable>XXX</replaceable></literal> "
1085 "syntax, as it is the most concise entry and the easiest to integrate with "
1086 "the text of the <filename>changelog</filename>. Unless specified different "
1087 "by the <replaceable>-v</replaceable>-switch to <command>dpkg-buildpackage</"
1088 "command>, only the bugs closed in the most recent changelog entry are closed "
1089 "(basically, exactly the bugs mentioned in the changelog-part in the "
1090 "<filename>.changes</filename> file are closed)."
1093 # type: Content of: <chapter><section><section><para>
1096 "Historically, uploads identified as <link linkend=\"nmu\">Non-maintainer "
1097 "upload (NMU)</link> were tagged <literal>fixed</literal> instead of being "
1098 "closed, but that practice was ceased with the advent of version-tracking. "
1099 "The same applied to the tag <literal>fixed-in-experimental</literal>."
1102 # type: Content of: <chapter><section><section><para>
1105 "If you happen to mistype a bug number or forget a bug in the changelog "
1106 "entries, don't hesitate to undo any damage the error caused. To reopen "
1107 "wrongly closed bugs, send a <literal>reopen <replaceable>XXX</replaceable></"
1108 "literal> command to the bug tracking system's control address, &email-bts-"
1109 "control;. To close any remaining bugs that were fixed by your upload, email "
1110 "the <filename>.changes</filename> file to <email>XXX-done@&bugs-host;</"
1111 "email>, where <replaceable>XXX</replaceable> is the bug number, and put "
1112 "Version: YYY and an empty line as the first two lines of the body of the "
1113 "email, where <replaceable>YYY</replaceable> is the first version where the "
1114 "bug has been fixed."
1117 # type: Content of: <chapter><section><section><para>
1120 "Bear in mind that it is not obligatory to close bugs using the changelog as "
1121 "described above. If you simply want to close bugs that don't have anything "
1122 "to do with an upload you made, do it by emailing an explanation to "
1123 "<email>XXX-done@&bugs-host;</email>. Do <emphasis role=\"strong\">not</"
1124 "emphasis> close bugs in the changelog entry of a version if the changes in "
1125 "that version of the package don't have any bearing on the bug."
1128 # type: Content of: <chapter><section><section><para>
1131 "For general information on how to write your changelog entries, see <xref "
1132 "linkend=\"bpp-debian-changelog\"/> ."
1135 # type: Content of: <chapter><section><section><title>
1137 msgid "Handling security-related bugs"
1140 # type: Content of: <chapter><section><section><para>
1143 "Due to their sensitive nature, security-related bugs must be handled "
1144 "carefully. The Debian Security Team exists to coordinate this activity, "
1145 "keeping track of outstanding security problems, helping maintainers with "
1146 "security problems or fixing them themselves, sending security advisories, "
1147 "and maintaining <literal>security.debian.org</literal>."
1150 # type: Content of: <chapter><section><section><para>
1153 "When you become aware of a security-related bug in a Debian package, whether "
1154 "or not you are the maintainer, collect pertinent information about the "
1155 "problem, and promptly contact the security team at &email-security-team; as "
1156 "soon as possible. <emphasis role=\"strong\">DO NOT UPLOAD</emphasis> any "
1157 "packages for <literal>stable</literal>; the security team will do that. "
1158 "Useful information includes, for example:"
1161 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1164 "Which versions of the package are known to be affected by the bug. Check "
1165 "each version that is present in a supported Debian release, as well as "
1166 "<literal>testing</literal> and <literal>unstable</literal>."
1169 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1172 "The nature of the fix, if any is available (patches are especially helpful)"
1175 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1178 "Any fixed packages that you have prepared yourself (send only the <literal>."
1179 "diff.gz</literal> and <literal>.dsc</literal> files and read <xref linkend="
1180 "\"bug-security-building\"/> first)"
1183 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1186 "Any assistance you can provide to help with testing (exploits, regression "
1190 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1193 "Any information needed for the advisory (see <xref linkend=\"bug-security-"
1197 # type: Content of: <chapter><section><section><section><title>
1199 msgid "Confidentiality"
1202 # type: Content of: <chapter><section><section><section><para>
1205 "Unlike most other activities within Debian, information about security "
1206 "issues must sometimes be kept private for a time. This allows software "
1207 "distributors to coordinate their disclosure in order to minimize their "
1208 "users' exposure. Whether this is the case depends on the nature of the "
1209 "problem and corresponding fix, and whether it is already a matter of public "
1213 # type: Content of: <chapter><section><section><section><para>
1215 msgid "There are several ways developers can learn of a security problem:"
1218 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1220 msgid "they notice it on a public forum (mailing list, web site, etc.)"
1223 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1225 msgid "someone files a bug report"
1228 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1230 msgid "someone informs them via private email"
1233 # type: Content of: <chapter><section><section><section><para>
1236 "In the first two cases, the information is public and it is important to "
1237 "have a fix as soon as possible. In the last case, however, it might not be "
1238 "public information. In that case there are a few possible options for "
1239 "dealing with the problem:"
1242 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1245 "If the security exposure is minor, there is sometimes no need to keep the "
1246 "problem a secret and a fix should be made and released."
1249 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1252 "If the problem is severe, it is preferable to share the information with "
1253 "other vendors and coordinate a release. The security team keeps in contact "
1254 "with the various organizations and individuals and can take care of that."
1257 # type: Content of: <chapter><section><section><section><para>
1260 "In all cases if the person who reports the problem asks that it not be "
1261 "disclosed, such requests should be honored, with the obvious exception of "
1262 "informing the security team in order that a fix may be produced for a stable "
1263 "release of Debian. When sending confidential information to the security "
1264 "team, be sure to mention this fact."
1267 # type: Content of: <chapter><section><section><section><para>
1270 "Please note that if secrecy is needed you may not upload a fix to "
1271 "<literal>unstable</literal> (or anywhere else, such as a public CVS "
1272 "repository). It is not sufficient to obfuscate the details of the change, "
1273 "as the code itself is public, and can (and will) be examined by the general "
1277 # type: Content of: <chapter><section><section><section><para>
1280 "There are two reasons for releasing information even though secrecy is "
1281 "requested: the problem has been known for a while, or the problem or exploit "
1282 "has become public."
1285 # type: Content of: <chapter><section><section><section><title>
1287 msgid "Security Advisories"
1290 # type: Content of: <chapter><section><section><section><para>
1293 "Security advisories are only issued for the current, released stable "
1294 "distribution, and <emphasis>not</emphasis> for <literal>testing</literal> or "
1295 "<literal>unstable</literal>. When released, advisories are sent to the "
1296 "&email-debian-security-announce; mailing list and posted on <ulink url="
1297 "\"&url-debian-security-advisories;\">the security web page</ulink>. "
1298 "Security advisories are written and posted by the security team. However "
1299 "they certainly do not mind if a maintainer can supply some of the "
1300 "information for them, or write part of the text. Information that should be "
1301 "in an advisory includes:"
1304 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1306 msgid "A description of the problem and its scope, including:"
1309 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1311 msgid "The type of problem (privilege escalation, denial of service, etc.)"
1314 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1316 msgid "What privileges may be gained, and by whom (if any)"
1319 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1321 msgid "How it can be exploited"
1324 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1326 msgid "Whether it is remotely or locally exploitable"
1329 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1331 msgid "How the problem was fixed"
1334 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1336 msgid "This information allows users to assess the threat to their systems."
1339 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1341 msgid "Version numbers of affected packages"
1344 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1346 msgid "Version numbers of fixed packages"
1349 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1352 "Information on where to obtain the updated packages (usually from the Debian "
1356 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1359 "References to upstream advisories, <ulink url=\"http://cve.mitre.org\">CVE</"
1360 "ulink> identifiers, and any other information useful in cross-referencing "
1364 # type: Content of: <chapter><section><section><section><title>
1366 msgid "Preparing packages to address security issues"
1369 # type: Content of: <chapter><section><section><section><para>
1372 "One way that you can assist the security team in their duties is to provide "
1373 "them with fixed packages suitable for a security advisory for the stable "
1377 # type: Content of: <chapter><section><section><section><para>
1380 "When an update is made to the stable release, care must be taken to avoid "
1381 "changing system behavior or introducing new bugs. In order to do this, make "
1382 "as few changes as possible to fix the bug. Users and administrators rely on "
1383 "the exact behavior of a release once it is made, so any change that is made "
1384 "might break someone's system. This is especially true of libraries: make "
1385 "sure you never change the API or ABI, no matter how small the change."
1388 # type: Content of: <chapter><section><section><section><para>
1391 "This means that moving to a new upstream version is not a good solution. "
1392 "Instead, the relevant changes should be back-ported to the version present "
1393 "in the current stable Debian release. Generally, upstream maintainers are "
1394 "willing to help if needed. If not, the Debian security team may be able to "
1398 # type: Content of: <chapter><section><section><section><para>
1401 "In some cases, it is not possible to back-port a security fix, for example "
1402 "when large amounts of source code need to be modified or rewritten. If this "
1403 "happens, it may be necessary to move to a new upstream version. However, "
1404 "this is only done in extreme situations, and you must always coordinate that "
1405 "with the security team beforehand."
1408 # type: Content of: <chapter><section><section><section><para>
1411 "Related to this is another important guideline: always test your changes. "
1412 "If you have an exploit available, try it and see if it indeed succeeds on "
1413 "the unpatched package and fails on the fixed package. Test other, normal "
1414 "actions as well, as sometimes a security fix can break seemingly unrelated "
1415 "features in subtle ways."
1418 # type: Content of: <chapter><section><section><section><para>
1421 "Do <emphasis role=\"strong\">NOT</emphasis> include any changes in your "
1422 "package which are not directly related to fixing the vulnerability. These "
1423 "will only need to be reverted, and this wastes time. If there are other "
1424 "bugs in your package that you would like to fix, make an upload to proposed-"
1425 "updates in the usual way, after the security advisory is issued. The "
1426 "security update mechanism is not a means for introducing changes to your "
1427 "package which would otherwise be rejected from the stable release, so please "
1428 "do not attempt to do this."
1431 # type: Content of: <chapter><section><section><section><para>
1434 "Review and test your changes as much as possible. Check the differences "
1435 "from the previous version repeatedly (<command>interdiff</command> from the "
1436 "<systemitem role=\"package\">patchutils</systemitem> package and "
1437 "<command>debdiff</command> from <systemitem role=\"package\">devscripts</"
1438 "systemitem> are useful tools for this, see <xref linkend=\"debdiff\"/> )."
1441 # type: Content of: <chapter><section><section><section><para>
1443 msgid "Be sure to verify the following items:"
1446 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1449 "Target the right distribution in your <filename>debian/changelog</"
1450 "filename>. For <literal>stable</literal> this is <literal>stable-security</"
1451 "literal> and for testing this is <literal>testing-security</literal>, and "
1452 "for the previous stable release, this is <literal>oldstable-security</"
1453 "literal>. Do not target <replaceable>distribution</replaceable><literal>-"
1454 "proposed-updates</literal> or <literal>stable</literal>!"
1457 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1459 msgid "The upload should have urgency=high."
1462 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1465 "Make descriptive, meaningful changelog entries. Others will rely on them to "
1466 "determine whether a particular bug was fixed. Always include an external "
1467 "reference, preferably a CVE identifier, so that it can be cross-referenced. "
1468 "Include the same information in the changelog for <literal>unstable</"
1469 "literal>, so that it is clear that the same bug was fixed, as this is very "
1470 "helpful when verifying that the bug is fixed in the next stable release. If "
1471 "a CVE identifier has not yet been assigned, the security team will request "
1472 "one so that it can be included in the package and in the advisory."
1475 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1478 "Make sure the version number is proper. It must be greater than the current "
1479 "package, but less than package versions in later distributions. If in "
1480 "doubt, test it with <literal>dpkg --compare-versions</literal>. Be careful "
1481 "not to re-use a version number that you have already used for a previous "
1482 "upload. For <literal>testing</literal>, there must be a higher version in "
1483 "<literal>unstable</literal>. If there is none yet (for example, if "
1484 "<literal>testing</literal> and <literal>unstable</literal> have the same "
1485 "version) you must upload a new version to <literal>unstable</literal> first."
1488 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1491 "Do not make source-only uploads if your package has any binary-all packages "
1492 "(do not use the <literal>-S</literal> option to <command>dpkg-buildpackage</"
1493 "command>). The <command>buildd</command> infrastructure will not build "
1494 "those. This point applies to normal package uploads as well."
1497 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1500 "Unless the upstream source has been uploaded to <literal>security.debian.org "
1501 "</literal> before (by a previous security update), build the upload with "
1502 "full upstream source (<literal>dpkg-buildpackage -sa</literal>). If there "
1503 "has been a previous upload to <literal>security.debian.org</literal> with "
1504 "the same upstream version, you may upload without upstream source (<literal> "
1505 "dpkg-buildpackage -sd</literal>)."
1508 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1511 "Be sure to use the exact same <filename>*.orig.tar.gz</filename> as used in "
1512 "the normal archive, otherwise it is not possible to move the security fix "
1513 "into the main archives later."
1516 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1519 "Build the package on a clean system which only has packages installed from "
1520 "the distribution you are building for. If you do not have such a system "
1521 "yourself, you can use a debian.org machine (see <xref linkend=\"server-"
1522 "machines\"/> ) or setup a chroot (see <xref linkend=\"pbuilder\"/> and <xref "
1523 "linkend=\"debootstrap\"/> )."
1526 # type: Content of: <chapter><section><section><section><title>
1528 msgid "Uploading the fixed package"
1531 # type: Content of: <chapter><section><section><section><para>
1534 "Do <emphasis role=\"strong\">NOT</emphasis> upload a package to the security "
1535 "upload queue (<literal>oldstable-security</literal>, <literal>stable-"
1536 "security </literal>, etc.) without prior authorization from the security "
1537 "team. If the package does not exactly meet the team's requirements, it will "
1538 "cause many problems and delays in dealing with the unwanted upload."
1541 # type: Content of: <chapter><section><section><section><para>
1544 "Do <emphasis role=\"strong\">NOT</emphasis> upload your fix to <literal> "
1545 "proposed-updates</literal> without coordinating with the security team. "
1546 "Packages from <literal>security.debian.org</literal> will be copied into the "
1547 "<literal>proposed-updates</literal> directory automatically. If a package "
1548 "with the same or a higher version number is already installed into the "
1549 "archive, the security update will be rejected by the archive system. That "
1550 "way, the stable distribution will end up without a security update for this "
1554 # type: Content of: <chapter><section><section><section><para>
1557 "Once you have created and tested the new package and it has been approved by "
1558 "the security team, it needs to be uploaded so that it can be installed in "
1559 "the archives. For security uploads, the place to upload to is "
1560 "<literal>ftp://security-master.debian.org/pub/SecurityUploadQueue/</"
1564 # type: Content of: <chapter><section><section><section><para>
1567 "Once an upload to the security queue has been accepted, the package will "
1568 "automatically be rebuilt for all architectures and stored for verification "
1569 "by the security team."
1572 # type: Content of: <chapter><section><section><section><para>
1575 "Uploads which are waiting for acceptance or verification are only accessible "
1576 "by the security team. This is necessary since there might be fixes for "
1577 "security problems that cannot be disclosed yet."
1580 # type: Content of: <chapter><section><section><section><para>
1583 "If a member of the security team accepts a package, it will be installed on "
1584 "<literal>security.debian.org</literal> as well as proposed for the proper "
1585 "<replaceable>distribution</replaceable><literal>-proposed-updates</literal> "
1586 "on <literal>&ftp-master-host;</literal>."
1589 # type: Content of: <chapter><section><title>
1591 msgid "Moving, removing, renaming, adopting, and orphaning packages"
1594 # type: Content of: <chapter><section><para>
1597 "Some archive manipulation operations are not automated in the Debian upload "
1598 "process. These procedures should be manually followed by maintainers. This "
1599 "chapter gives guidelines on what to do in these cases."
1602 # type: Content of: <chapter><section><section><title>
1604 msgid "Moving packages"
1607 # type: Content of: <chapter><section><section><para><footnote>
1610 "Sometimes a package will change its section. For instance, a package from "
1611 "the `non-free' section might be GPL'd in a later version, in which case the "
1612 "package should be moved to `main' or `contrib'.<footnote>"
1615 # type: Content of: <chapter><section><section><para><footnote><para>
1618 "See the <ulink url=\"&url-debian-policy;\">Debian Policy Manual</ulink> for "
1619 "guidelines on what section a package belongs in."
1622 # type: Content of: <chapter><section><section><section><para>
1623 #: pkgs.dbk:1216 pkgs.dbk:1648
1627 # type: Content of: <chapter><section><section><para>
1630 "If you need to change the section for one of your packages, change the "
1631 "package control information to place the package in the desired section, and "
1632 "re-upload the package (see the <ulink url=\"&url-debian-policy;\">Debian "
1633 "Policy Manual</ulink> for details). You must ensure that you include the "
1634 "<filename>.orig.tar.gz</filename> in your upload (even if you are not "
1635 "uploading a new upstream version), or it will not appear in the new section "
1636 "together with the rest of the package. If your new section is valid, it "
1637 "will be moved automatically. If it does not, then contact the ftpmasters in "
1638 "order to understand what happened."
1641 # type: Content of: <chapter><section><section><para>
1644 "If, on the other hand, you need to change the <literal>subsection</literal> "
1645 "of one of your packages (e.g., ``devel'', ``admin''), the procedure is "
1646 "slightly different. Correct the subsection as found in the control file of "
1647 "the package, and re-upload that. Also, you'll need to get the override file "
1648 "updated, as described in <xref linkend=\"override-file\"/> ."
1651 # type: Content of: <chapter><section><section><title>
1653 msgid "Removing packages"
1656 # type: Content of: <chapter><section><section><para>
1659 "If for some reason you want to completely remove a package (say, if it is an "
1660 "old compatibility library which is no longer required), you need to file a "
1661 "bug against <literal>ftp.debian.org</literal> asking that the package be "
1662 "removed; as all bugs, this bug should normally have normal severity. The "
1663 "bug title should be in the form <literal>RM: <replaceable>package </"
1664 "replaceable> <replaceable>[architecture list]</replaceable> -- "
1665 "<replaceable>reason</replaceable></literal>, where <replaceable>package</"
1666 "replaceable> is the package to be removed and <replaceable>reason</"
1667 "replaceable> is a short summary of the reason for the removal request. "
1668 "<replaceable>[architecture list]</replaceable> is optional and only needed "
1669 "if the removal request only applies to some architectures, not all. Note "
1670 "that the <command>reportbug</command> will create a title conforming to "
1671 "these rules when you use it to report a bug against the <literal> ftp.debian."
1672 "org</literal> pseudo-package."
1675 # type: Content of: <chapter><section><section><para>
1678 "If you want to remove a package you maintain, you should note this in the "
1679 "bug title by prepending <literal>ROM</literal> (Request Of Maintainer). "
1680 "There are several other standard acronyms used in the reasoning for a "
1681 "package removal, see <ulink url=\"http://&ftp-master-host;/removals.html\"></"
1682 "ulink> for a complete list. That page also provides a convenient overview of "
1683 "pending removal requests."
1686 # type: Content of: <chapter><section><section><para>
1689 "Note that removals can only be done for the <literal>unstable </literal>, "
1690 "<literal>experimental</literal> and <literal>stable </literal> "
1691 "distribution. Packages are not removed from <literal>testing</literal> "
1692 "directly. Rather, they will be removed automatically after the package has "
1693 "been removed from <literal>unstable</literal> and no package in "
1694 "<literal>testing </literal> depends on it."
1697 # type: Content of: <chapter><section><section><para>
1700 "There is one exception when an explicit removal request is not necessary: If "
1701 "a (source or binary) package is an orphan, it will be removed semi-"
1702 "automatically. For a binary-package, this means if there is no longer any "
1703 "source package producing this binary package; if the binary package is just "
1704 "no longer produced on some architectures, a removal request is still "
1705 "necessary. For a source-package, this means that all binary packages it "
1706 "refers to have been taken over by another source package."
1709 # type: Content of: <chapter><section><section><para>
1712 "In your removal request, you have to detail the reasons justifying the "
1713 "request. This is to avoid unwanted removals and to keep a trace of why a "
1714 "package has been removed. For example, you can provide the name of the "
1715 "package that supersedes the one to be removed."
1718 # type: Content of: <chapter><section><section><para>
1721 "Usually you only ask for the removal of a package maintained by yourself. "
1722 "If you want to remove another package, you have to get the approval of its "
1723 "maintainer. Should the package be orphaned and thus have no maintainer, you "
1724 "should first discuss the removal request on &email-debian-qa;. If there is a "
1725 "consensus that the package should be removed, you should reassign and "
1726 "retitle the <literal>O:</literal> bug filed against the <literal>wnpp</"
1727 "literal> package instead of filing a new bug as removal request."
1730 # type: Content of: <chapter><section><section><para>
1733 "Further information relating to these and other package removal related "
1734 "topics may be found at <ulink url=\"http://wiki.debian.org/ftpmaster_Removals"
1735 "\"></ulink> and <ulink url=\"&url-debian-qa;howto-remove.html\"></ulink>."
1738 # type: Content of: <chapter><section><section><para>
1741 "If in doubt concerning whether a package is disposable, email &email-debian-"
1742 "devel; asking for opinions. Also of interest is the <command>apt-cache</"
1743 "command> program from the <systemitem role=\"package\">apt</systemitem> "
1744 "package. When invoked as <literal>apt-cache showpkg <replaceable>package</"
1745 "replaceable></literal>, the program will show details for "
1746 "<replaceable>package</replaceable>, including reverse depends. Other useful "
1747 "programs include <literal>apt-cache rdepends</literal>, <command>apt-"
1748 "rdepends</command>, <command>build-rdeps</command> (in the <systemitem role="
1749 "\"package\">devscripts</systemitem> package) and <command>grep-dctrl</"
1750 "command>. Removal of orphaned packages is discussed on &email-debian-qa;."
1753 # type: Content of: <chapter><section><section><para>
1756 "Once the package has been removed, the package's bugs should be handled. "
1757 "They should either be reassigned to another package in the case where the "
1758 "actual code has evolved into another package (e.g. <literal>libfoo12</"
1759 "literal> was removed because <literal>libfoo13</literal> supersedes it) or "
1760 "closed if the software is simply no longer part of Debian."
1763 # type: Content of: <chapter><section><section><section><title>
1765 msgid "Removing packages from <filename>Incoming</filename>"
1768 # type: Content of: <chapter><section><section><section><para>
1771 "In the past, it was possible to remove packages from <filename>incoming</"
1772 "filename>. However, with the introduction of the new incoming system, this "
1773 "is no longer possible. Instead, you have to upload a new revision of your "
1774 "package with a higher version than the package you want to replace. Both "
1775 "versions will be installed in the archive but only the higher version will "
1776 "actually be available in <literal>unstable</literal> since the previous "
1777 "version will immediately be replaced by the higher. However, if you do "
1778 "proper testing of your packages, the need to replace a package should not "
1779 "occur too often anyway."
1782 # type: Content of: <chapter><section><section><title>
1784 msgid "Replacing or renaming packages"
1787 # type: Content of: <chapter><section><section><para>
1790 "When the upstream maintainers for one of your packages chose to rename their "
1791 "software (or you made a mistake naming your package), you should follow a "
1792 "two-step process to rename it. In the first step, change the "
1793 "<filename>debian/control</filename> file to reflect the new name and to "
1794 "replace, provide and conflict with the obsolete package name (see the <ulink "
1795 "url=\"&url-debian-policy;\"> Debian Policy Manual</ulink> for details). "
1796 "Please note that you should only add a <literal>Provides</literal> relation "
1797 "if all packages depending on the obsolete package name continue to work "
1798 "after the renaming. Once you've uploaded the package and the package has "
1799 "moved into the archive, file a bug against <literal> ftp.debian.org</"
1800 "literal> asking to remove the package with the obsolete name (see <xref "
1801 "linkend=\"removing-pkgs\"/>). Do not forget to properly reassign the "
1802 "package's bugs at the same time."
1805 # type: Content of: <chapter><section><section><para>
1808 "At other times, you may make a mistake in constructing your package and wish "
1809 "to replace it. The only way to do this is to increase the version number "
1810 "and upload a new version. The old version will be expired in the usual "
1811 "manner. Note that this applies to each part of your package, including the "
1812 "sources: if you wish to replace the upstream source tarball of your package, "
1813 "you will need to upload it with a different version. An easy possibility is "
1814 "to replace <filename>foo_1.00.orig.tar.gz</filename> with <filename>foo_1.00"
1815 "+0.orig.tar.gz</filename>. This restriction gives each file on the ftp site "
1816 "a unique name, which helps to ensure consistency across the mirror network."
1819 # type: Content of: <chapter><section><section><title>
1821 msgid "Orphaning a package"
1824 # type: Content of: <chapter><section><section><para>
1827 "If you can no longer maintain a package, you need to inform others, and see "
1828 "that the package is marked as orphaned. You should set the package "
1829 "maintainer to <literal>Debian QA Group &orphan-address;</literal> and submit "
1830 "a bug report against the pseudo package <systemitem role=\"package\">wnpp</"
1831 "systemitem>. The bug report should be titled <literal>O: "
1832 "<replaceable>package</replaceable> -- <replaceable>short description</"
1833 "replaceable></literal> indicating that the package is now orphaned. The "
1834 "severity of the bug should be set to <literal>normal</literal>; if the "
1835 "package has a priority of standard or higher, it should be set to "
1836 "important. If you feel it's necessary, send a copy to &email-debian-devel; "
1837 "by putting the address in the X-Debbugs-CC: header of the message (no, don't "
1838 "use CC:, because that way the message's subject won't indicate the bug "
1842 # type: Content of: <chapter><section><section><para>
1845 "If you just intend to give the package away, but you can keep maintainership "
1846 "for the moment, then you should instead submit a bug against <systemitem "
1847 "role=\"package\">wnpp</systemitem> and title it <literal>RFA: "
1848 "<replaceable>package</replaceable> -- <replaceable>short description</"
1849 "replaceable></literal>. <literal>RFA</literal> stands for <literal>Request "
1850 "For Adoption</literal>."
1853 # type: Content of: <chapter><section><section><para>
1856 "More information is on the <ulink url=\"&url-wnpp;\">WNPP web pages</ulink>."
1859 # type: Content of: <chapter><section><section><title>
1861 msgid "Adopting a package"
1864 # type: Content of: <chapter><section><section><para>
1867 "A list of packages in need of a new maintainer is available in the <ulink "
1868 "url=\"&url-wnpp;\">Work-Needing and Prospective Packages list (WNPP)</"
1869 "ulink>. If you wish to take over maintenance of any of the packages listed "
1870 "in the WNPP, please take a look at the aforementioned page for information "
1874 # type: Content of: <chapter><section><section><para>
1877 "It is not OK to simply take over a package that you feel is neglected — that "
1878 "would be package hijacking. You can, of course, contact the current "
1879 "maintainer and ask them if you may take over the package. If you have "
1880 "reason to believe a maintainer has gone AWOL (absent without leave), see "
1881 "<xref linkend=\"mia-qa\"/> ."
1884 # type: Content of: <chapter><section><section><para>
1887 "Generally, you may not take over the package without the assent of the "
1888 "current maintainer. Even if they ignore you, that is still not grounds to "
1889 "take over a package. Complaints about maintainers should be brought up on "
1890 "the developers' mailing list. If the discussion doesn't end with a positive "
1891 "conclusion, and the issue is of a technical nature, consider bringing it to "
1892 "the attention of the technical committee (see the <ulink url=\"&url-tech-"
1893 "ctte;\">technical committee web page</ulink> for more information)."
1896 # type: Content of: <chapter><section><section><para>
1899 "If you take over an old package, you probably want to be listed as the "
1900 "package's official maintainer in the bug system. This will happen "
1901 "automatically once you upload a new version with an updated "
1902 "<literal>Maintainer:</literal> field, although it can take a few hours after "
1903 "the upload is done. If you do not expect to upload a new version for a "
1904 "while, you can use <xref linkend=\"pkg-tracking-system\"/> to get the bug "
1905 "reports. However, make sure that the old maintainer has no problem with the "
1906 "fact that they will continue to receive the bugs during that time."
1909 # type: Content of: <chapter><section><title>
1911 msgid "Porting and being ported"
1914 # type: Content of: <chapter><section><para>
1917 "Debian supports an ever-increasing number of architectures. Even if you are "
1918 "not a porter, and you don't use any architecture but one, it is part of your "
1919 "duty as a maintainer to be aware of issues of portability. Therefore, even "
1920 "if you are not a porter, you should read most of this chapter."
1923 # type: Content of: <chapter><section><para>
1926 "Porting is the act of building Debian packages for architectures that are "
1927 "different from the original architecture of the package maintainer's binary "
1928 "package. It is a unique and essential activity. In fact, porters do most "
1929 "of the actual compiling of Debian packages. For instance, when a maintainer "
1930 "uploads a (portable) source packages with binaries for the <literal>i386 </"
1931 "literal> architecture, it will be built for each of the other architectures, "
1932 "amounting to &number-of-arches; more builds."
1935 # type: Content of: <chapter><section><section><title>
1937 msgid "Being kind to porters"
1940 # type: Content of: <chapter><section><section><para>
1943 "Porters have a difficult and unique task, since they are required to deal "
1944 "with a large volume of packages. Ideally, every source package should build "
1945 "right out of the box. Unfortunately, this is often not the case. This "
1946 "section contains a checklist of ``gotchas'' often committed by Debian "
1947 "maintainers — common problems which often stymie porters, and make their "
1948 "jobs unnecessarily difficult."
1951 # type: Content of: <chapter><section><section><para>
1954 "The first and most important thing is to respond quickly to bug or issues "
1955 "raised by porters. Please treat porters with courtesy, as if they were in "
1956 "fact co-maintainers of your package (which, in a way, they are). Please be "
1957 "tolerant of succinct or even unclear bug reports; do your best to hunt down "
1958 "whatever the problem is."
1961 # type: Content of: <chapter><section><section><para>
1964 "By far, most of the problems encountered by porters are caused by "
1965 "<emphasis>packaging bugs</emphasis> in the source packages. Here is a "
1966 "checklist of things you should check or be aware of."
1969 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1972 "Make sure that your <literal>Build-Depends</literal> and <literal>Build-"
1973 "Depends-Indep</literal> settings in <filename>debian/control</filename> are "
1974 "set properly. The best way to validate this is to use the <systemitem role="
1975 "\"package\">debootstrap</systemitem> package to create an <literal>unstable</"
1976 "literal> chroot environment (see <xref linkend=\"debootstrap\"/> ). Within "
1977 "that chrooted environment, install the <systemitem role=\"package\">build-"
1978 "essential</systemitem> package and any package dependencies mentioned in "
1979 "<literal>Build-Depends</literal> and/or <literal>Build-Depends-Indep</"
1980 "literal>. Finally, try building your package within that chrooted "
1981 "environment. These steps can be automated by the use of the "
1982 "<command>pbuilder</command> program which is provided by the package of the "
1983 "same name (see <xref linkend=\"pbuilder\"/> )."
1986 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1989 "If you can't set up a proper chroot, <command>dpkg-depcheck</command> may be "
1990 "of assistance (see <xref linkend=\"dpkg-depcheck\"/> )."
1993 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1996 "See the <ulink url=\"&url-debian-policy;\">Debian Policy Manual</ulink> for "
1997 "instructions on setting build dependencies."
2000 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2003 "Don't set architecture to a value other than <literal>all</literal> or "
2004 "<literal>any</literal> unless you really mean it. In too many cases, "
2005 "maintainers don't follow the instructions in the <ulink url=\"&url-debian-"
2006 "policy;\">Debian Policy Manual</ulink>. Setting your architecture to only "
2007 "one architecture (such as <literal>i386</literal> or <literal>amd64</"
2008 "literal>) is usually incorrect."
2011 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2014 "Make sure your source package is correct. Do <literal>dpkg-source -x "
2015 "<replaceable>package</replaceable>.dsc</literal> to make sure your source "
2016 "package unpacks properly. Then, in there, try building your package from "
2017 "scratch with <command>dpkg-buildpackage</command>."
2020 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2023 "Make sure you don't ship your source package with the <filename>debian/"
2024 "files</filename> or <filename>debian/substvars</filename> files. They "
2025 "should be removed by the <literal>clean</literal> target of <filename>debian/"
2029 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2032 "Make sure you don't rely on locally installed or hacked configurations or "
2033 "programs. For instance, you should never be calling programs in <filename>/"
2034 "usr/local/bin</filename> or the like. Try not to rely on programs being "
2035 "setup in a special way. Try building your package on another machine, even "
2036 "if it's the same architecture."
2039 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2042 "Don't depend on the package you're building being installed already (a sub-"
2043 "case of the above issue). There are, of course, exceptions to this rule, but "
2044 "be aware that any case like this needs manual bootstrapping and cannot be "
2045 "done by automated package builders."
2048 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2051 "Don't rely on the compiler being a certain version, if possible. If not, "
2052 "then make sure your build dependencies reflect the restrictions, although "
2053 "you are probably asking for trouble, since different architectures sometimes "
2054 "standardize on different compilers."
2057 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2060 "Make sure your debian/rules contains separate <literal>binary-arch</literal> "
2061 "and <literal>binary-indep</literal> targets, as the Debian Policy Manual "
2062 "requires. Make sure that both targets work independently, that is, that you "
2063 "can call the target without having called the other before. To test this, "
2064 "try to run <command>dpkg-buildpackage -B</command>."
2067 # type: Content of: <chapter><section><section><title>
2069 msgid "Guidelines for porter uploads"
2072 # type: Content of: <chapter><section><section><para>
2075 "If the package builds out of the box for the architecture to be ported to, "
2076 "you are in luck and your job is easy. This section applies to that case; it "
2077 "describes how to build and upload your binary package so that it is properly "
2078 "installed into the archive. If you do have to patch the package in order to "
2079 "get it to compile for the other architecture, you are actually doing a "
2080 "source NMU, so consult <xref linkend=\"nmu-guidelines\"/> instead."
2083 # type: Content of: <chapter><section><section><para>
2086 "For a porter upload, no changes are being made to the source. You do not "
2087 "need to touch any of the files in the source package. This includes "
2088 "<filename>debian/changelog</filename>."
2091 # type: Content of: <chapter><section><section><para>
2094 "The way to invoke <command>dpkg-buildpackage</command> is as <literal>dpkg-"
2095 "buildpackage -B -m<replaceable>porter-email</replaceable></literal>. Of "
2096 "course, set <replaceable>porter-email</replaceable> to your email address. "
2097 "This will do a binary-only build of only the architecture-dependent portions "
2098 "of the package, using the <literal>binary-arch</literal> target in "
2099 "<filename>debian/rules </filename>."
2102 # type: Content of: <chapter><section><section><para>
2105 "If you are working on a Debian machine for your porting efforts and you need "
2106 "to sign your upload locally for its acceptance in the archive, you can run "
2107 "<command>debsign</command> on your <filename>.changes</filename> file to "
2108 "have it signed conveniently, or use the remote signing mode of <command>dpkg-"
2112 # type: Content of: <chapter><section><section><section><title>
2114 msgid "Recompilation or binary-only NMU"
2117 # type: Content of: <chapter><section><section><section><para>
2120 "Sometimes the initial porter upload is problematic because the environment "
2121 "in which the package was built was not good enough (outdated or obsolete "
2122 "library, bad compiler, ...). Then you may just need to recompile it in an "
2123 "updated environment. However, you have to bump the version number in this "
2124 "case, so that the old bad package can be replaced in the Debian archive "
2125 "(<command>dak</command> refuses to install new packages if they don't have a "
2126 "version number greater than the currently available one)."
2129 # type: Content of: <chapter><section><section><section><para>
2132 "You have to make sure that your binary-only NMU doesn't render the package "
2133 "uninstallable. This could happen when a source package generates arch-"
2134 "dependent and arch-independent packages that have inter-dependencies "
2135 "generated using dpkg's substitution variable <literal>$(Source-Version) </"
2139 # type: Content of: <chapter><section><section><section><para>
2142 "Despite the required modification of the changelog, these are called binary-"
2143 "only NMUs — there is no need in this case to trigger all other architectures "
2144 "to consider themselves out of date or requiring recompilation."
2147 # type: Content of: <chapter><section><section><section><para>
2150 "Such recompilations require special ``magic'' version numbering, so that the "
2151 "archive maintenance tools recognize that, even though there is a new Debian "
2152 "version, there is no corresponding source update. If you get this wrong, "
2153 "the archive maintainers will reject your upload (due to lack of "
2154 "corresponding source code)."
2157 # type: Content of: <chapter><section><section><section><para><footnote>
2160 "The ``magic'' for a recompilation-only NMU is triggered by using a suffix "
2161 "appended to the package version number, following the form <literal> "
2162 "b<replaceable>number</replaceable></literal>. For instance, if the latest "
2163 "version you are recompiling against was version <literal>2.9-3</literal>, "
2164 "your binary-only NMU should carry a version of <literal>2.9-3+b1</literal>. "
2165 "If the latest version was <literal>3.4+b1 </literal> (i.e, a native package "
2166 "with a previous recompilation NMU), your binary-only NMU should have a "
2167 "version number of <literal>3.4+b2</literal>. <footnote>"
2170 # type: Content of: <chapter><section><section><section><para><footnote><para>
2173 "In the past, such NMUs used the third-level number on the Debian part of the "
2174 "revision to denote their recompilation-only status; however, this syntax was "
2175 "ambiguous with native packages and did not allow proper ordering of "
2176 "recompile-only NMUs, source NMUs, and security NMUs on the same package, and "
2177 "has therefore been abandoned in favor of this new syntax."
2180 # type: Content of: <chapter><section><section><section><para>
2183 "Similar to initial porter uploads, the correct way of invoking <command>dpkg-"
2184 "buildpackage</command> is <literal>dpkg-buildpackage -B</literal> to only "
2185 "build the architecture-dependent parts of the package."
2188 # type: Content of: <chapter><section><section><section><title>
2190 msgid "When to do a source NMU if you are a porter"
2193 # type: Content of: <chapter><section><section><section><para>
2196 "Porters doing a source NMU generally follow the guidelines found in <xref "
2197 "linkend=\"nmu\"/> , just like non-porters. However, it is expected that the "
2198 "wait cycle for a porter's source NMU is smaller than for a non-porter, since "
2199 "porters have to cope with a large quantity of packages. Again, the "
2200 "situation varies depending on the distribution they are uploading to. It "
2201 "also varies whether the architecture is a candidate for inclusion into the "
2202 "next stable release; the release managers decide and announce which "
2203 "architectures are candidates."
2206 # type: Content of: <chapter><section><section><section><para>
2209 "If you are a porter doing an NMU for <literal>unstable</literal>, the above "
2210 "guidelines for porting should be followed, with two variations. Firstly, "
2211 "the acceptable waiting period — the time between when the bug is submitted "
2212 "to the BTS and when it is OK to do an NMU — is seven days for porters "
2213 "working on the <literal>unstable</literal> distribution. This period can be "
2214 "shortened if the problem is critical and imposes hardship on the porting "
2215 "effort, at the discretion of the porter group. (Remember, none of this is "
2216 "Policy, just mutually agreed upon guidelines.) For uploads to "
2217 "<literal>stable</literal> or <literal>testing </literal>, please coordinate "
2218 "with the appropriate release team first."
2221 # type: Content of: <chapter><section><section><section><para>
2224 "Secondly, porters doing source NMUs should make sure that the bug they "
2225 "submit to the BTS should be of severity <literal>serious</literal> or "
2226 "greater. This ensures that a single source package can be used to compile "
2227 "every supported Debian architecture by release time. It is very important "
2228 "that we have one version of the binary and source package for all "
2229 "architectures in order to comply with many licenses."
2232 # type: Content of: <chapter><section><section><section><para>
2235 "Porters should try to avoid patches which simply kludge around bugs in the "
2236 "current version of the compile environment, kernel, or libc. Sometimes such "
2237 "kludges can't be helped. If you have to kludge around compiler bugs and the "
2238 "like, make sure you <literal>#ifdef</literal> your work properly; also, "
2239 "document your kludge so that people know to remove it once the external "
2240 "problems have been fixed."
2243 # type: Content of: <chapter><section><section><section><para>
2246 "Porters may also have an unofficial location where they can put the results "
2247 "of their work during the waiting period. This helps others running the port "
2248 "have the benefit of the porter's work, even during the waiting period. Of "
2249 "course, such locations have no official blessing or status, so buyer beware."
2252 # type: Content of: <chapter><section><section><title>
2254 msgid "Porting infrastructure and automation"
2257 # type: Content of: <chapter><section><section><para>
2260 "There is infrastructure and several tools to help automate package porting. "
2261 "This section contains a brief overview of this automation and porting to "
2262 "these tools; see the package documentation or references for full "
2266 # type: Content of: <chapter><section><section><section><title>
2268 msgid "Mailing lists and web pages"
2271 # type: Content of: <chapter><section><section><section><para>
2274 "Web pages containing the status of each port can be found at <ulink url="
2275 "\"&url-debian-ports;\"></ulink>."
2278 # type: Content of: <chapter><section><section><section><para>
2281 "Each port of Debian has a mailing list. The list of porting mailing lists "
2282 "can be found at <ulink url=\"&url-debian-port-lists;\"></ulink>. These "
2283 "lists are used to coordinate porters, and to connect the users of a given "
2284 "port with the porters."
2287 # type: Content of: <chapter><section><section><section><title>
2289 msgid "Porter tools"
2292 # type: Content of: <chapter><section><section><section><para>
2295 "Descriptions of several porting tools can be found in <xref linkend=\"tools-"
2299 # type: Content of: <chapter><section><section><section><title>
2301 msgid "<systemitem role=\"package\">wanna-build</systemitem>"
2304 # type: Content of: <chapter><section><section><section><para>
2307 "The <systemitem role=\"package\">wanna-build</systemitem> system is used as "
2308 "a distributed, client-server build distribution system. It is usually used "
2309 "in conjunction with build daemons running the <systemitem role=\"package"
2310 "\">buildd </systemitem> program. <literal>Build daemons</literal> are "
2311 "``slave'' hosts which contact the central <systemitem role=\"package\"> "
2312 "wanna-build</systemitem> system to receive a list of packages that need to "
2316 # type: Content of: <chapter><section><section><section><para>
2319 "<systemitem role=\"package\">wanna-build</systemitem> is not yet available "
2320 "as a package; however, all Debian porting efforts are using it for automated "
2321 "package building. The tool used to do the actual package builds, "
2322 "<systemitem role=\"package\">sbuild</systemitem> is available as a package, "
2323 "see its description in <xref linkend=\"sbuild\"/> . Please note that the "
2324 "packaged version is not the same as the one used on build daemons, but it is "
2325 "close enough to reproduce problems."
2328 # type: Content of: <chapter><section><section><section><para>
2331 "Most of the data produced by <systemitem role=\"package\">wanna-build </"
2332 "systemitem> which is generally useful to porters is available on the web at "
2333 "<ulink url=\"&url-buildd;\"></ulink>. This data includes nightly updated "
2334 "statistics, queueing information and logs for build attempts."
2337 # type: Content of: <chapter><section><section><section><para>
2340 "We are quite proud of this system, since it has so many possible uses. "
2341 "Independent development groups can use the system for different sub-flavors "
2342 "of Debian, which may or may not really be of general interest (for instance, "
2343 "a flavor of Debian built with <command>gcc</command> bounds checking). It "
2344 "will also enable Debian to recompile entire distributions quickly."
2347 # type: Content of: <chapter><section><section><section><para>
2350 "The buildds admins of each arch can be contacted at the mail address "
2351 "<literal><replaceable>arch</replaceable>@buildd.debian.org</literal>."
2354 # type: Content of: <chapter><section><section><title>
2356 msgid "When your package is <emphasis>not</emphasis> portable"
2359 # type: Content of: <chapter><section><section><para>
2362 "Some packages still have issues with building and/or working on some of the "
2363 "architectures supported by Debian, and cannot be ported at all, or not "
2364 "within a reasonable amount of time. An example is a package that is SVGA-"
2365 "specific (only available for <literal>i386</literal> and <literal>amd64</"
2366 "literal>), or uses other hardware-specific features not supported on all "
2370 # type: Content of: <chapter><section><section><para>
2373 "In order to prevent broken packages from being uploaded to the archive, and "
2374 "wasting buildd time, you need to do a few things:"
2377 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2380 "First, make sure your package <emphasis>does</emphasis> fail to build on "
2381 "architectures that it cannot support. There are a few ways to achieve "
2382 "this. The preferred way is to have a small testsuite during build time that "
2383 "will test the functionality, and fail if it doesn't work. This is a good "
2384 "idea anyway, as this will prevent (some) broken uploads on all "
2385 "architectures, and also will allow the package to build as soon as the "
2386 "required functionality is available."
2389 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2392 "Additionally, if you believe the list of supported architectures is pretty "
2393 "constant, you should change <literal>any</literal> to a list of supported "
2394 "architectures in <filename>debian/control</filename>. This way, the build "
2395 "will fail also, and indicate this to a human reader without actually trying."
2398 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2401 "In order to prevent autobuilders from needlessly trying to build your "
2402 "package, it must be included in <filename>packages-arch-specific</filename>, "
2403 "a list used by the <command>wanna-build</command> script. The current "
2404 "version is available as <ulink url=\"&url-cvsweb;srcdep/Packages-arch-"
2405 "specific?cvsroot=dak\"></ulink>; please see the top of the file for whom to "
2406 "contact for changes."
2409 # type: Content of: <chapter><section><section><para>
2412 "Please note that it is insufficient to only add your package to Packages-"
2413 "arch-specific without making it fail to build on unsupported architectures: "
2414 "A porter or any other person trying to build your package might accidently "
2415 "upload it without noticing it doesn't work. If in the past some binary "
2416 "packages were uploaded on unsupported architectures, request their removal "
2417 "by filing a bug against <systemitem role=\"package\">ftp.debian.org</"
2421 # type: Content of: <chapter><section><title>
2423 msgid "Non-Maintainer Uploads (NMUs)"
2426 # type: Content of: <chapter><section><para>
2429 "Under certain circumstances it is necessary for someone other than the "
2430 "official package maintainer to make a release of a package. This is called "
2431 "a non-maintainer upload, or NMU."
2434 # type: Content of: <chapter><section><para>
2437 "This section handles only source NMUs, i.e. NMUs which upload a new version "
2438 "of the package. For binary-only NMUs by porters or QA members, please see "
2439 "<xref linkend=\"binary-only-nmu\"/> . If a buildd builds and uploads a "
2440 "package, that too is strictly speaking a binary NMU. See <xref linkend="
2441 "\"wanna-build\"/> for some more information."
2444 # type: Content of: <chapter><section><para>
2447 "The main reason why NMUs are done is when a developer needs to fix another "
2448 "developer's package in order to address serious problems or crippling bugs "
2449 "or when the package maintainer is unable to release a fix in a timely "
2453 # type: Content of: <chapter><section><para>
2456 "First and foremost, it is critical that NMU patches to source should be as "
2457 "non-disruptive as possible. Do not do housekeeping tasks, do not change the "
2458 "name of modules or files, do not move directories; in general, do not fix "
2459 "things which are not broken. Keep the patch as small as possible. If "
2460 "things bother you aesthetically, talk to the Debian maintainer, talk to the "
2461 "upstream maintainer, or submit a bug. However, aesthetic changes must "
2462 "<emphasis>not</emphasis> be made in a non-maintainer upload."
2465 # type: Content of: <chapter><section><para>
2468 "And please remember the Hippocratic Oath: Above all, do no harm. It is "
2469 "better to leave a package with an open grave bug than applying a non-"
2470 "functional patch, or one that hides the bug instead of resolving it."
2473 # type: Content of: <chapter><section><section><title>
2475 msgid "How to do a NMU"
2478 # type: Content of: <chapter><section><section><para>
2481 "NMUs which fix important, serious or higher severity bugs are encouraged and "
2482 "accepted. You should endeavor to reach the current maintainer of the "
2483 "package; they might be just about to upload a fix for the problem, or have a "
2487 # type: Content of: <chapter><section><section><para>
2490 "NMUs should be made to assist a package's maintainer in resolving bugs. "
2491 "Maintainers should be thankful for that help, and NMUers should respect the "
2492 "decisions of maintainers, and try to personally help the maintainer by their "
2496 # type: Content of: <chapter><section><section><para>
2499 "A NMU should follow all conventions, written down in this section. For an "
2500 "upload to <literal>testing</literal> or <literal>unstable</literal>, this "
2501 "order of steps is recommended:"
2504 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2507 "Make sure that the package's bugs that the NMU is meant to address are all "
2508 "filed in the Debian Bug Tracking System (BTS). If they are not, submit them "
2512 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2515 "Wait a few days for the response from the maintainer. If you don't get any "
2516 "response, you may want to help them by sending the patch that fixes the "
2517 "bug. Don't forget to tag the bug with the patch keyword."
2520 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2523 "Wait a few more days. If you still haven't got an answer from the "
2524 "maintainer, send them a mail announcing your intent to NMU the package. "
2525 "Prepare an NMU as described in this section, and test it carefully on your "
2526 "machine (cf. <xref linkend=\"sanitycheck\"/> ). Double check that your "
2527 "patch doesn't have any unexpected side effects. Make sure your patch is as "
2528 "small and as non-disruptive as it can be."
2531 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2534 "Upload your package to incoming in <filename>DELAYED/7-day</filename> (cf. "
2535 "<xref linkend=\"delayed-incoming\"/> ), send the final patch to the "
2536 "maintainer via the BTS, and explain to them that they have 7 days to react "
2537 "if they want to cancel the NMU."
2540 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2543 "Follow what happens, you're responsible for any bug that you introduced with "
2544 "your NMU. You should probably use <xref linkend=\"pkg-tracking-system\"/> "
2545 "(PTS) to stay informed of the state of the package after your NMU."
2548 # type: Content of: <chapter><section><section><para>
2551 "At times, the release manager or an organized group of developers can "
2552 "announce a certain period of time in which the NMU rules are relaxed. This "
2553 "usually involves shortening the period during which one is to wait before "
2554 "uploading the fixes, and shortening the DELAYED period. It is important to "
2555 "notice that even in these so-called bug squashing party times, the NMU'er "
2556 "has to file bugs and contact the developer first, and act later. Please see "
2557 "<xref linkend=\"qa-bsp\"/> for details."
2560 # type: Content of: <chapter><section><section><para>
2563 "For the <literal>testing</literal> distribution, the rules may be changed by "
2564 "the release managers. Please take additional care, and acknowledge that the "
2565 "usual way for a package to enter <literal>testing</literal> is through "
2566 "<literal>unstable</literal>."
2569 # type: Content of: <chapter><section><section><para>
2572 "For the stable distribution, please take extra care. Of course, the release "
2573 "managers may also change the rules here. Please verify before you upload "
2574 "that all your changes are OK for inclusion into the next stable release by "
2575 "the release manager."
2578 # type: Content of: <chapter><section><section><para>
2581 "When a security bug is detected, the security team may do an NMU, using "
2582 "their own rules. Please refer to <xref linkend=\"bug-security\"/> for more "
2586 # type: Content of: <chapter><section><section><para>
2589 "For the differences for Porters NMUs, please see <xref linkend=\"source-nmu-"
2593 # type: Content of: <chapter><section><section><para>
2596 "Of course, it is always possible to agree on special rules with a maintainer "
2597 "(like the maintainer asking please upload this fix directly for me, and no "
2601 # type: Content of: <chapter><section><section><title>
2603 msgid "NMU version numbering"
2606 # type: Content of: <chapter><section><section><para>
2609 "Whenever you have made a change to a package, no matter how trivial, the "
2610 "version number needs to change. This enables our packing system to function."
2613 # type: Content of: <chapter><section><section><para>
2616 "If you are doing a non-maintainer upload (NMU), you should add a new minor "
2617 "version number to the <replaceable>debian-revision</replaceable> part of the "
2618 "version number (the portion after the last hyphen). This extra minor number "
2619 "will start at `1'. For example, consider the package `foo', which is at "
2620 "version 1.1-3. In the archive, the source package control file would be "
2621 "<filename>foo_1.1-3.dsc</filename>. The upstream version is `1.1' and the "
2622 "Debian revision is `3'. The next NMU would add a new minor number `.1' to "
2623 "the Debian revision; the new source control file would be <filename>foo_1.1-"
2624 "3.1.dsc</filename>."
2627 # type: Content of: <chapter><section><section><para>
2630 "The Debian revision minor number is needed to avoid stealing one of the "
2631 "package maintainer's version numbers, which might disrupt their work. It "
2632 "also has the benefit of making it visually clear that a package in the "
2633 "archive was not made by the official maintainer."
2636 # type: Content of: <chapter><section><section><para>
2639 "If there is no <replaceable>debian-revision</replaceable> component in the "
2640 "version number then one should be created, starting at `0.1' (but in case of "
2641 "a debian native package still upload it as native package). If it is "
2642 "absolutely necessary for someone other than the usual maintainer to make a "
2643 "release based on a new upstream version then the person making the release "
2644 "should start with the <replaceable>debian-revision</replaceable> value "
2645 "`0.1'. The usual maintainer of a package should start their "
2646 "<replaceable>debian-revision</replaceable> numbering at `1'."
2649 # type: Content of: <chapter><section><section><para>
2652 "If you upload a package to <literal>testing</literal> or <literal>stable </"
2653 "literal>, sometimes, you need to fork the version number tree. For this, "
2654 "version numbers like 1.1-3sarge0.1 could be used."
2657 # type: Content of: <chapter><section><section><title>
2659 msgid "Source NMUs must have a new changelog entry"
2662 # type: Content of: <chapter><section><section><para>
2665 "Anyone who is doing a source NMU must create a changelog entry, describing "
2666 "which bugs are fixed by the NMU, and generally why the NMU was required and "
2667 "what it fixed. The changelog entry will have the email address of the "
2668 "person who uploaded it in the log entry and the NMU version number in it."
2671 # type: Content of: <chapter><section><section><para>
2673 msgid "By convention, source NMU changelog entries start with the line"
2676 # type: Content of: <chapter><section><section><screen>
2681 " * Non-maintainer upload\n"
2684 # type: Content of: <chapter><section><section><title>
2686 msgid "Source NMUs and the Bug Tracking System"
2689 # type: Content of: <chapter><section><section><para>
2692 "Maintainers other than the official package maintainer should make as few "
2693 "changes to the package as possible, and they should always send a patch as a "
2694 "unified context diff (<literal>diff -u</literal>) detailing their changes to "
2695 "the Bug Tracking System."
2698 # type: Content of: <chapter><section><section><para>
2701 "What if you are simply recompiling the package? If you just need to "
2702 "recompile it for a single architecture, then you may do a binary-only NMU as "
2703 "described in <xref linkend=\"binary-only-nmu\"/> which doesn't require any "
2704 "patch to be sent. If you want the package to be recompiled for all "
2705 "architectures, then you do a source NMU as usual and you will have to send a "
2709 # type: Content of: <chapter><section><section><para>
2712 "Bugs fixed by source NMUs used to be tagged fixed instead of closed, but "
2713 "since version tracking is in place, such bugs are now also closed with the "
2717 # type: Content of: <chapter><section><section><para>
2720 "Also, after doing an NMU, you have to send the information to the existing "
2721 "bugs that are fixed by your NMU, including the unified diff. Historically, "
2722 "it was custom to open a new bug and include a patch showing all the changes "
2723 "you have made. The normal maintainer will either apply the patch or employ "
2724 "an alternate method of fixing the problem. Sometimes bugs are fixed "
2725 "independently upstream, which is another good reason to back out an NMU's "
2726 "patch. If the maintainer decides not to apply the NMU's patch but to "
2727 "release a new version, the maintainer needs to ensure that the new upstream "
2728 "version really fixes each problem that was fixed in the non-maintainer "
2732 # type: Content of: <chapter><section><section><para>
2735 "In addition, the normal maintainer should <emphasis>always</emphasis> retain "
2736 "the entry in the changelog file documenting the non-maintainer upload -- and "
2737 "of course, also keep the changes. If you revert some of the changes, please "
2738 "reopen the relevant bug reports."
2741 # type: Content of: <chapter><section><section><title>
2743 msgid "Building source NMUs"
2746 # type: Content of: <chapter><section><section><para>
2749 "Source NMU packages are built normally. Pick a distribution using the same "
2750 "rules as found in <xref linkend=\"distribution\"/> , follow the other "
2751 "instructions in <xref linkend=\"upload\"/> ."
2754 # type: Content of: <chapter><section><section><para>
2757 "Make sure you do <emphasis>not</emphasis> change the value of the maintainer "
2758 "in the <filename>debian/control</filename> file. Your name as given in the "
2759 "NMU entry of the <filename>debian/changelog</filename> file will be used for "
2760 "signing the changes file."
2763 # type: Content of: <chapter><section><section><title>
2765 msgid "Acknowledging an NMU"
2768 # type: Content of: <chapter><section><section><para>
2771 "If one of your packages has been NMU'ed, you have to incorporate the changes "
2772 "in your copy of the sources. This is easy, you just have to apply the patch "
2773 "that has been sent to you. Once this is done, you have to close the bugs "
2774 "that have been tagged fixed by the NMU. The easiest way is to use the "
2775 "<literal>-v</literal> option of <command>dpkg-buildpackage</command>, as "
2776 "this allows you to include just all changes since your last maintainer "
2777 "upload. Alternatively, you can close them manually by sending the required "
2778 "mails to the BTS or by adding the required <literal>closes: #nnnn</literal> "
2779 "in the changelog entry of your next upload."
2782 # type: Content of: <chapter><section><section><para>
2785 "In any case, you should not be upset by the NMU. An NMU is not a personal "
2786 "attack against the maintainer. It is a proof that someone cares enough "
2787 "about the package that they were willing to help you in your work, so you "
2788 "should be thankful. You may also want to ask them if they would be "
2789 "interested in helping you on a more frequent basis as co-maintainer or "
2790 "backup maintainer (see <xref linkend=\"collaborative-maint\"/> )."
2793 # type: Content of: <chapter><section><section><title>
2795 msgid "NMU vs QA uploads"
2798 # type: Content of: <chapter><section><section><para>
2801 "Unless you know the maintainer is still active, it is wise to check the "
2802 "package to see if it has been orphaned. The current list of orphaned "
2803 "packages which haven't had their maintainer set correctly is available at "
2804 "<ulink url=\"&url-debian-qa-orphaned;\"></ulink>. If you perform an NMU on "
2805 "an improperly orphaned package, please set the maintainer to <literal>Debian "
2806 "QA Group <packages@qa.debian.org></literal>."
2809 # type: Content of: <chapter><section><section><title>
2811 msgid "Who can do an NMU"
2814 # type: Content of: <chapter><section><section><para>
2817 "Only official, registered Debian Developers can do binary or source NMUs. A "
2818 "Debian Developer is someone who has their key in the Debian key ring. Non-"
2819 "developers, however, are encouraged to download the source package and start "
2820 "hacking on it to fix problems; however, rather than doing an NMU, they "
2821 "should just submit worthwhile patches to the Bug Tracking System. "
2822 "Maintainers almost always appreciate quality patches and bug reports."
2825 # type: Content of: <chapter><section><section><title>
2830 # type: Content of: <chapter><section><section><para>
2833 "There are two new terms used throughout this section: ``binary-only NMU'' "
2834 "and ``source NMU''. These terms are used with specific technical meaning "
2835 "throughout this document. Both binary-only and source NMUs are similar, "
2836 "since they involve an upload of a package by a developer who is not the "
2837 "official maintainer of that package. That is why it's a <literal>non-"
2838 "maintainer</literal> upload."
2841 # type: Content of: <chapter><section><section><para>
2844 "A source NMU is an upload of a package by a developer who is not the "
2845 "official maintainer, for the purposes of fixing a bug in the package. "
2846 "Source NMUs always involves changes to the source (even if it is just a "
2847 "change to <filename>debian/changelog</filename>). This can be either a "
2848 "change to the upstream source, or a change to the Debian bits of the "
2849 "source. Note, however, that source NMUs may also include architecture-"
2850 "dependent packages, as well as an updated Debian diff."
2853 # type: Content of: <chapter><section><section><para>
2856 "A binary-only NMU is a recompilation and upload of a binary package for a "
2857 "given architecture. As such, it is usually part of a porting effort. A "
2858 "binary-only NMU is a non-maintainer uploaded binary version of a package, "
2859 "with no source changes required. There are many cases where porters must "
2860 "fix problems in the source in order to get them to compile for their target "
2861 "architecture; that would be considered a source NMU rather than a binary-"
2862 "only NMU. As you can see, we don't distinguish in terminology between "
2863 "porter NMUs and non-porter NMUs."
2866 # type: Content of: <chapter><section><section><para>
2869 "Both classes of NMUs, source and binary-only, can be lumped under the term "
2870 "``NMU''. However, this often leads to confusion, since most people think "
2871 "``source NMU'' when they think ``NMU''. So it's best to be careful: always "
2872 "use ``binary NMU'' or ``binNMU'' for binary-only NMUs."
2875 # type: Content of: <chapter><section><title>
2877 msgid "Collaborative maintenance"
2880 # type: Content of: <chapter><section><para>
2883 "Collaborative maintenance is a term describing the sharing of Debian package "
2884 "maintenance duties by several people. This collaboration is almost always a "
2885 "good idea, since it generally results in higher quality and faster bug fix "
2886 "turnaround times. It is strongly recommended that packages with a priority "
2887 "of <literal>Standard</literal> or which are part of the base set have co-"
2891 # type: Content of: <chapter><section><para>
2894 "Generally there is a primary maintainer and one or more co-maintainers. The "
2895 "primary maintainer is the person whose name is listed in the "
2896 "<literal>Maintainer</literal> field of the <filename>debian/control</"
2897 "filename> file. Co-maintainers are all the other maintainers, usually "
2898 "listed in the <literal>Uploaders</literal> field of the <filename>debian/"
2899 "control</filename> file."
2902 # type: Content of: <chapter><section><para>
2905 "In its most basic form, the process of adding a new co-maintainer is quite "
2909 # type: Content of: <chapter><section><itemizedlist><listitem><para>
2912 "Setup the co-maintainer with access to the sources you build the package "
2913 "from. Generally this implies you are using a network-capable version "
2914 "control system, such as <command>CVS</command> or <command>Subversion</"
2915 "command>. Alioth (see <xref linkend=\"alioth\"/> ) provides such tools, "
2919 # type: Content of: <chapter><section><itemizedlist><listitem><para>
2922 "Add the co-maintainer's correct maintainer name and address to the "
2923 "<literal>Uploaders</literal> field in the first paragraph of the "
2924 "<filename>debian/control</filename> file."
2927 # type: Content of: <chapter><section><itemizedlist><listitem><screen>
2932 "Uploaders: John Buzz <jbuzz@debian.org>, Adam Rex <arex@debian.org>\n"
2935 # type: Content of: <chapter><section><itemizedlist><listitem><para>
2938 "Using the PTS (<xref linkend=\"pkg-tracking-system\"/> ), the co-maintainers "
2939 "should subscribe themselves to the appropriate source package."
2942 # type: Content of: <chapter><section><para>
2945 "Another form of collaborative maintenance is team maintenance, which is "
2946 "recommended if you maintain several packages with the same group of "
2947 "developers. In that case, the Maintainer and Uploaders field of each "
2948 "package must be managed with care. It is recommended to choose between one "
2949 "of the two following schemes:"
2952 # type: Content of: <chapter><section><orderedlist><listitem><para>
2955 "Put the team member mainly responsible for the package in the Maintainer "
2956 "field. In the Uploaders, put the mailing list address, and the team members "
2957 "who care for the package."
2960 # type: Content of: <chapter><section><orderedlist><listitem><para>
2963 "Put the mailing list address in the Maintainer field. In the Uploaders "
2964 "field, put the team members who care for the package. In this case, you "
2965 "must make sure the mailing list accept bug reports without any human "
2966 "interaction (like moderation for non-subscribers)."
2969 # type: Content of: <chapter><section><para>
2972 "In any case, it is a bad idea to automatically put all team members in the "
2973 "Uploaders field. It clutters the Developer's Package Overview listing (see "
2974 "<xref linkend=\"ddpo\"/> ) with packages one doesn't really care for, and "
2975 "creates a false sense of good maintenance."
2978 # type: Content of: <chapter><section><title>
2980 msgid "The testing distribution"
2983 # type: Content of: <chapter><section><section><title>
2988 # type: Content of: <chapter><section><section><para>
2991 "Packages are usually installed into the <literal>testing</literal> "
2992 "distribution after they have undergone some degree of <literal>testing</"
2993 "literal> in <literal>unstable</literal>."
2996 # type: Content of: <chapter><section><section><para>
2999 "They must be in sync on all architectures and mustn't have dependencies that "
3000 "make them uninstallable; they also have to have generally no known release-"
3001 "critical bugs at the time they're installed into <literal>testing </"
3002 "literal>. This way, <literal>testing</literal> should always be close to "
3003 "being a release candidate. Please see below for details."
3006 # type: Content of: <chapter><section><section><title>
3008 msgid "Updates from unstable"
3011 # type: Content of: <chapter><section><section><para>
3014 "The scripts that update the <literal>testing</literal> distribution are run "
3015 "twice each day, right after the installation of the updated packages; these "
3016 "scripts are called <literal>britney</literal>. They generate the "
3017 "<filename>Packages</filename> files for the <literal>testing</literal> "
3018 "distribution, but they do so in an intelligent manner; they try to avoid any "
3019 "inconsistency and to use only non-buggy packages."
3022 # type: Content of: <chapter><section><section><para>
3025 "The inclusion of a package from <literal>unstable</literal> is conditional "
3029 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3032 "The package must have been available in <literal>unstable</literal> for 2, 5 "
3033 "or 10 days, depending on the urgency (high, medium or low). Please note "
3034 "that the urgency is sticky, meaning that the highest urgency uploaded since "
3035 "the previous <literal>testing</literal> transition is taken into account. "
3036 "Those delays may be doubled during a freeze, or <literal>testing</literal> "
3037 "transitions may be switched off altogether;"
3040 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3043 "It must not have new release-critical bugs (RC bugs affecting the version "
3044 "available in <literal>unstable</literal>, but not affecting the version in "
3045 "<literal>testing</literal>);"
3048 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3051 "It must be available on all architectures on which it has previously been "
3052 "built in <literal>unstable</literal>. <xref linkend=\"dak-ls\"/> may be of "
3053 "interest to check that information;"
3056 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3059 "It must not break any dependency of a package which is already available in "
3060 "<literal>testing</literal>;"
3063 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3066 "The packages on which it depends must either be available in "
3067 "<literal>testing</literal> or they must be accepted into <literal>testing</"
3068 "literal> at the same time (and they will be if they fulfill all the "
3069 "necessary criteria);"
3072 # type: Content of: <chapter><section><section><para>
3075 "To find out whether a package is progressing into <literal>testing</literal> "
3076 "or not, see the <literal>testing</literal> script output on the <ulink url="
3077 "\"&url-testing-maint;\">web page of the testing distribution</ulink>, or use "
3078 "the program <command>grep-excuses</command> which is in the <systemitem role="
3079 "\"package\">devscripts</systemitem> package. This utility can easily be "
3080 "used in a <citerefentry> <refentrytitle>crontab</refentrytitle> "
3081 "<manvolnum>5</manvolnum> </citerefentry> to keep yourself informed of the "
3082 "progression of your packages into <literal>testing</literal>."
3085 # type: Content of: <chapter><section><section><para>
3088 "The <filename>update_excuses</filename> file does not always give the "
3089 "precise reason why the package is refused; you may have to find it on your "
3090 "own by looking for what would break with the inclusion of the package. The "
3091 "<ulink url=\"&url-testing-maint;\">testing web page</ulink> gives some more "
3092 "information about the usual problems which may be causing such troubles."
3095 # type: Content of: <chapter><section><section><para>
3098 "Sometimes, some packages never enter <literal>testing</literal> because the "
3099 "set of inter-relationship is too complicated and cannot be sorted out by the "
3100 "scripts. See below for details."
3103 # type: Content of: <chapter><section><section><para>
3106 "Some further dependency analysis is shown on <ulink url=\"http://release."
3107 "debian.org/migration/\"></ulink> — but be warned, this page also shows build "
3108 "dependencies which are not considered by britney."
3111 # type: Content of: <chapter><section><section><section><title>
3116 # type: Content of: <chapter><section><section><section><para>
3117 #. FIXME: better rename this file than document rampant professionalism?
3120 "For the <literal>testing</literal> migration script, outdated means: There "
3121 "are different versions in <literal>unstable</literal> for the release "
3122 "architectures (except for the architectures in fuckedarches; fuckedarches is "
3123 "a list of architectures that don't keep up (in <filename>update_out.py</"
3124 "filename>), but currently, it's empty). outdated has nothing whatsoever to "
3125 "do with the architectures this package has in <literal>testing</literal>."
3128 # type: Content of: <chapter><section><section><section><para>
3130 msgid "Consider this example:"
3133 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3134 #: pkgs.dbk:2354 pkgs.dbk:2387
3138 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3139 #: pkgs.dbk:2355 pkgs.dbk:2388
3143 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3144 #: pkgs.dbk:2360 pkgs.dbk:2394 pkgs.dbk:2456
3148 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3149 #: pkgs.dbk:2361 pkgs.dbk:2366 pkgs.dbk:2395 pkgs.dbk:2396 pkgs.dbk:2403
3153 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3154 #: pkgs.dbk:2362 pkgs.dbk:2397 pkgs.dbk:2402
3158 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3159 #: pkgs.dbk:2365 pkgs.dbk:2400 pkgs.dbk:2457
3163 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3164 #: pkgs.dbk:2367 pkgs.dbk:2401
3168 # type: Content of: <chapter><section><section><section><para>
3171 "The package is out of date on alpha in <literal>unstable</literal>, and will "
3172 "not go to <literal>testing</literal>. Removing the package would not help at "
3173 "all, the package is still out of date on <literal>alpha</literal>, and will "
3174 "not propagate to testing."
3177 # type: Content of: <chapter><section><section><section><para>
3180 "However, if ftp-master removes a package in <literal>unstable</literal> "
3181 "(here on <literal>arm</literal>):"
3184 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3189 # type: Content of: <chapter><section><section><section><para>
3192 "In this case, the package is up to date on all release architectures in "
3193 "<literal>unstable</literal> (and the extra <literal>hurd-i386</literal> "
3194 "doesn't matter, as it's not a release architecture)."
3197 # type: Content of: <chapter><section><section><section><para>
3200 "Sometimes, the question is raised if it is possible to allow packages in "
3201 "that are not yet built on all architectures: No. Just plainly no. (Except "
3202 "if you maintain glibc or so.)"
3205 # type: Content of: <chapter><section><section><section><title>
3207 msgid "Removals from testing"
3210 # type: Content of: <chapter><section><section><section><para>
3213 "Sometimes, a package is removed to allow another package in: This happens "
3214 "only to allow <emphasis>another</emphasis> package to go in if it's ready in "
3215 "every other sense. Suppose e.g. that <literal>a</literal> cannot be "
3216 "installed with the new version of <literal>b</literal>; then <literal>a</"
3217 "literal> may be removed to allow <literal>b</literal> in."
3220 # type: Content of: <chapter><section><section><section><para>
3223 "Of course, there is another reason to remove a package from <literal>testing "
3224 "</literal>: It's just too buggy (and having a single RC-bug is enough to be "
3228 # type: Content of: <chapter><section><section><section><para>
3231 "Furthermore, if a package has been removed from <literal>unstable</literal>, "
3232 "and no package in <literal>testing</literal> depends on it any more, then it "
3233 "will automatically be removed."
3236 # type: Content of: <chapter><section><section><section><title>
3238 msgid "circular dependencies"
3241 # type: Content of: <chapter><section><section><section><para>
3244 "A situation which is not handled very well by britney is if package "
3245 "<literal>a</literal> depends on the new version of package <literal>b</"
3246 "literal>, and vice versa."
3249 # type: Content of: <chapter><section><section><section><para>
3251 msgid "An example of this is:"
3254 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3259 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3261 msgid "1; depends: b=1"
3264 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3266 msgid "2; depends: b=2"
3269 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3274 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3276 msgid "1; depends: a=1"
3279 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3281 msgid "2; depends: a=2"
3284 # type: Content of: <chapter><section><section><section><para>
3287 "Neither package <literal>a</literal> nor package <literal>b</literal> is "
3288 "considered for update."
3291 # type: Content of: <chapter><section><section><section><para>
3294 "Currently, this requires some manual hinting from the release team. Please "
3295 "contact them by sending mail to &email-debian-release; if this happens to "
3296 "one of your packages."
3299 # type: Content of: <chapter><section><section><section><title>
3301 msgid "influence of package in testing"
3304 # type: Content of: <chapter><section><section><section><para>
3307 "Generally, there is nothing that the status of a package in <literal>testing "
3308 "</literal> means for transition of the next version from <literal>unstable </"
3309 "literal> to <literal>testing</literal>, with two exceptions: If the RC-"
3310 "bugginess of the package goes down, it may go in even if it is still RC-"
3311 "buggy. The second exception is if the version of the package in <literal> "
3312 "testing</literal> is out of sync on the different arches: Then any arch "
3313 "might just upgrade to the version of the source package; however, this can "
3314 "happen only if the package was previously forced through, the arch is in "
3315 "fuckedarches, or there was no binary package of that arch present in "
3316 "<literal>unstable </literal> at all during the <literal>testing</literal> "
3320 # type: Content of: <chapter><section><section><section><para>
3323 "In summary this means: The only influence that a package being in <literal> "
3324 "testing</literal> has on a new version of the same package is that the new "
3325 "version might go in easier."
3328 # type: Content of: <chapter><section><section><section><title>
3333 # type: Content of: <chapter><section><section><section><para>
3335 msgid "If you are interested in details, this is how britney works:"
3338 # type: Content of: <chapter><section><section><section><para>
3341 "The packages are looked at to determine whether they are valid candidates. "
3342 "This gives the update excuses. The most common reasons why a package is not "
3343 "considered are too young, RC-bugginess, and out of date on some arches. For "
3344 "this part of britney, the release managers have hammers of various sizes to "
3345 "force britney to consider a package. (Also, the base freeze is coded in "
3346 "that part of britney.) (There is a similar thing for binary-only updates, "
3347 "but this is not described here. If you're interested in that, please peruse "
3351 # type: Content of: <chapter><section><section><section><para>
3354 "Now, the more complex part happens: Britney tries to update <literal>testing "
3355 "</literal> with the valid candidates. For that, britney tries to add each "
3356 "valid candidate to the testing distribution. If the number of uninstallable "
3357 "packages in <literal>testing</literal> doesn't increase, the package is "
3358 "accepted. From that point on, the accepted package is considered to be part "
3359 "of <literal>testing</literal>, such that all subsequent installability tests "
3360 "include this package. Hints from the release team are processed before or "
3361 "after this main run, depending on the exact type."
3364 # type: Content of: <chapter><section><section><section><para>
3367 "If you want to see more details, you can look it up on <filename>merkel:/org/"
3368 "&ftp-debian-org;/testing/update_out/</filename> (or in <filename>merkel:~aba/"
3369 "testing/update_out</filename> to see a setup with a smaller packages file). "
3370 "Via web, it's at <ulink url=\"http://&ftp-master-host;/testing/"
3371 "update_out_code/\"></ulink>"
3374 # type: Content of: <chapter><section><section><section><para>
3377 "The hints are available via <ulink url=\"http://&ftp-master-host;/testing/"
3378 "hints/\"></ulink>."
3381 # type: Content of: <chapter><section><section><title>
3383 msgid "Direct updates to testing"
3386 # type: Content of: <chapter><section><section><para>
3389 "The <literal>testing</literal> distribution is fed with packages from "
3390 "<literal>unstable</literal> according to the rules explained above. "
3391 "However, in some cases, it is necessary to upload packages built only for "
3392 "<literal> testing</literal>. For that, you may want to upload to <literal> "
3393 "testing-proposed-updates</literal>."
3396 # type: Content of: <chapter><section><section><para>
3399 "Keep in mind that packages uploaded there are not automatically processed, "
3400 "they have to go through the hands of the release manager. So you'd better "
3401 "have a good reason to upload there. In order to know what a good reason is "
3402 "in the release managers' eyes, you should read the instructions that they "
3403 "regularly give on &email-debian-devel-announce;."
3406 # type: Content of: <chapter><section><section><para>
3409 "You should not upload to <literal>testing-proposed-updates</literal> when "
3410 "you can update your packages through <literal>unstable</literal>. If you "
3411 "can't (for example because you have a newer development version in "
3412 "<literal>unstable </literal>), you may use this facility, but it is "
3413 "recommended that you ask for authorization from the release manager first. "
3414 "Even if a package is frozen, updates through <literal>unstable</literal> are "
3415 "possible, if the upload via <literal>unstable</literal> does not pull in any "
3419 # type: Content of: <chapter><section><section><para>
3422 "Version numbers are usually selected by adding the codename of the "
3423 "<literal>testing</literal> distribution and a running number, like "
3424 "<literal>1.2sarge1</literal> for the first upload through <literal>testing-"
3425 "proposed-updates</literal> of package version <literal>1.2</literal>."
3428 # type: Content of: <chapter><section><section><para>
3430 msgid "Please make sure you didn't miss any of these items in your upload:"
3433 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3436 "Make sure that your package really needs to go through <literal>testing-"
3437 "proposed-updates</literal>, and can't go through <literal> unstable</"
3441 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3443 msgid "Make sure that you included only the minimal amount of changes;"
3446 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3449 "Make sure that you included an appropriate explanation in the changelog;"
3452 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3455 "Make sure that you've written <literal>testing</literal> or <literal>testing-"
3456 "proposed-updates</literal> into your target distribution;"
3459 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3462 "Make sure that you've built and tested your package in <literal>testing</"
3463 "literal>, not in <literal>unstable</literal>;"
3466 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3469 "Make sure that your version number is higher than the version in "
3470 "<literal>testing</literal> and <literal>testing-proposed-updates</literal>, "
3471 "and lower than in <literal>unstable</literal>;"
3474 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3477 "After uploading and successful build on all platforms, contact the release "
3478 "team at &email-debian-release; and ask them to approve your upload."
3481 # type: Content of: <chapter><section><section><title>
3483 msgid "Frequently asked questions"
3486 # type: Content of: <chapter><section><section><section><title>
3488 msgid "What are release-critical bugs, and how do they get counted?"
3491 # type: Content of: <chapter><section><section><section><para>
3494 "All bugs of some higher severities are by default considered release-"
3495 "critical; currently, these are <literal>critical</literal>, <literal>grave</"
3496 "literal> and <literal>serious</literal> bugs."
3499 # type: Content of: <chapter><section><section><section><para>
3502 "Such bugs are presumed to have an impact on the chances that the package "
3503 "will be released with the <literal>stable</literal> release of Debian: in "
3504 "general, if a package has open release-critical bugs filed on it, it won't "
3505 "get into <literal>testing</literal>, and consequently won't be released in "
3506 "<literal> stable</literal>."
3509 # type: Content of: <chapter><section><section><section><para>
3512 "The <literal>unstable</literal> bug count are all release-critical bugs "
3513 "which are marked to apply to <replaceable>package</replaceable>/"
3514 "<replaceable>version </replaceable> combinations that are available in "
3515 "unstable for a release architecture. The <literal>testing</literal> bug "
3516 "count is defined analogously."
3519 # type: Content of: <chapter><section><section><section><title>
3522 "How could installing a package into <literal>testing</literal> possibly "
3523 "break other packages?"
3526 # type: Content of: <chapter><section><section><section><para>
3529 "The structure of the distribution archives is such that they can only "
3530 "contain one version of a package; a package is defined by its name. So when "
3531 "the source package <literal>acmefoo</literal> is installed into "
3532 "<literal>testing</literal>, along with its binary packages <literal>acme-foo-"
3533 "bin</literal>, <literal> acme-bar-bin</literal>, <literal>libacme-foo1</"
3534 "literal> and <literal> libacme-foo-dev</literal>, the old version is removed."
3537 # type: Content of: <chapter><section><section><section><para>
3540 "However, the old version may have provided a binary package with an old "
3541 "soname of a library, such as <literal>libacme-foo0</literal>. Removing the "
3542 "old <literal>acmefoo</literal> will remove <literal>libacme-foo0</literal>, "
3543 "which will break any packages which depend on it."
3546 # type: Content of: <chapter><section><section><section><para>
3549 "Evidently, this mainly affects packages which provide changing sets of "
3550 "binary packages in different versions (in turn, mainly libraries). However, "
3551 "it will also affect packages upon which versioned dependencies have been "
3552 "declared of the ==, <=, or << varieties."
3555 # type: Content of: <chapter><section><section><section><para>
3558 "When the set of binary packages provided by a source package change in this "
3559 "way, all the packages that depended on the old binaries will have to be "
3560 "updated to depend on the new binaries instead. Because installing such a "
3561 "source package into <literal>testing</literal> breaks all the packages that "
3562 "depended on it in <literal>testing</literal>, some care has to be taken now: "
3563 "all the depending packages must be updated and ready to be installed "
3564 "themselves so that they won't be broken, and, once everything is ready, "
3565 "manual intervention by the release manager or an assistant is normally "
3569 # type: Content of: <chapter><section><section><section><para>
3572 "If you are having problems with complicated groups of packages like this, "
3573 "contact &email-debian-devel; or &email-debian-release; for help."