</para>
<para>
When closing security bugs include CVE numbers as well as the
-<literal>Closes: #<replaceable>nnnnn</replaceable></literal>
+<literal>Closes: #<replaceable>nnnnn</replaceable></literal>.
This is useful for the security team to track vulnerabilities. If an upload is
made to fix the bug before the advisory ID is known, it is encouraged to modify
the historical changelog entry with the next upload. Even in this case, please
upstream version of the software looks like this:
</para>
<screen>
- * new upstream version
+ * New upstream release.
</screen>
<para>
There are tools to help you create entries and finalize the
</para>
<para>
Normally, a package should <emphasis>not</emphasis> be uploaded if it causes
-lintian to emit errors (they will start with <literal>E</literal>).
+<command>lintian</command> to emit errors (they will start with <literal>E</literal>).
</para>
<para>
For more information on <command>lintian</command>, see <xref
</itemizedlist>
<para>
For the native packages, the source package includes a Debian source control
-file (<literal>.dsc</literal>) and the source tarball
-(<literal>.tar.{gz,bz2,lzma}</literal>). A source package of a non-native package
+file (<filename>.dsc</filename>) and the source tarball
+(<filename>.tar.{gz,bz2,xz}</filename>). A source package of a non-native package
includes a Debian source control file, the original source tarball
-(<literal>.orig.tar.{gz,bz2,lzma}</literal>) and the Debian changes
-(<literal>.diff.gz</literal> for the source format “1.0” or
-<literal>.debian.tar.{gz,bz2,lzma}</literal> for the source format “3.0 (quilt)”).
+(<filename>.orig.tar.{gz,bz2,xz}</filename>) and the Debian changes
+(<filename>.diff.gz</filename> for the source format “1.0” or
+<filename>.debian.tar.{gz,bz2,xz}</filename> for the source format “3.0 (quilt)”).
</para>
<para>
With source format “1.0”, whether a package is native or not was determined
</para>
<para>
Please notice that, in non-native packages, permissions on files that are not
-present in the .orig.tar.{gz,bz2,lzma} will not be preserved, as diff does not store file
+present in the <filename>*.orig.tar.{gz,bz2,xz}</filename> will not be preserved, as diff does not store file
permissions in the patch. However when using source format “3.0 (quilt)”,
permissions of files inside the <filename>debian</filename> directory are
preserved since they are stored in a tar archive.
<para>
The Debian archive maintainers are responsible for handling package uploads.
For the most part, uploads are automatically handled on a daily basis by the
-archive maintenance tools, <command>katie</command>. Specifically, updates to
-existing packages to the <literal>unstable</literal> distribution are handled
-automatically. In other cases, notably new packages, placing the uploaded
-package into the distribution is handled manually. When uploads are handled
-manually, the change to the archive may take up to a month to occur. Please
+archive maintenance tools, <command>dak process-upload</command>. Specifically,
+updates to existing packages to the <literal>unstable</literal> distribution are
+handled automatically. In other cases, notably new packages, placing the
+uploaded package into the distribution is handled manually. When uploads are
+handled manually, the change to the archive may take some time to occur. Please
be patient.
</para>
<para>
<para>
When you become aware of a security-related bug in a Debian package, whether or
not you are the maintainer, collect pertinent information about the problem,
-and promptly contact the security team at
-&email-security-team; as soon as possible. <emphasis
-role="strong">DO NOT UPLOAD</emphasis> any packages for <literal>stable</literal>
-without contacting the team. Useful information includes, for example:
+and promptly contact the security team, preferably by filing a ticket in
+their Request Tracker.
+See <ulink url="http://wiki.debian.org/rt.debian.org#Security_Team"></ulink>.
+Alternatively you may email &email-security-team;.
+<emphasis role="strong">DO NOT UPLOAD</emphasis> any packages for
+<literal>stable</literal> without contacting the team. Useful information
+includes, for example:
</para>
<itemizedlist>
<listitem>
<para>
+Whether or not the bug is already public.
+</para>
+</listitem>
+<listitem>
+<para>
Which versions of the package are known to be affected by the bug. Check each
version that is present in a supported Debian release, as well as
<literal>testing</literal> and <literal>unstable</literal>.
<listitem>
<para>
Any fixed packages that you have prepared yourself (send only the
-<literal>.diff.gz</literal> and <literal>.dsc</literal> files and read <xref
+<filename>.diff.gz</filename> and <filename>.dsc</filename> files and read <xref
linkend="bug-security-building"/> first)
</para>
</listitem>
<para>
Please note that if secrecy is needed you may not upload a fix to
<literal>unstable</literal> (or
-anywhere else, such as a public CVS repository). It is not sufficient to
+anywhere else, such as a public VCS repository). It is not sufficient to
obfuscate the details of the change, as the code itself is public, and can (and
will) be examined by the general public.
</para>
</listitem>
<listitem>
<para>
-Unless the upstream source has been uploaded to <literal>security.debian.org
-</literal> before (by a previous security update), build the upload <emphasis
-role="strong">with full upstream source</emphasis> (<literal>dpkg-buildpackage
--sa</literal>). If there has been a previous upload to
-<literal>security.debian.org</literal> with the same upstream version, you may
-upload without upstream source (<literal>dpkg-buildpackage -sd</literal>).
+Unless the upstream source has been uploaded to
+<literal>security.debian.org</literal> before (by a previous security update),
+build the upload <emphasis role="strong">with full upstream source</emphasis>
+(<literal>dpkg-buildpackage -sa</literal>). If there has been a previous
+upload to <literal>security.debian.org</literal> with the same upstream
+version, you may upload without upstream source (<literal>dpkg-buildpackage
+-sd</literal>).
</para>
</listitem>
<listitem>
<para>
Be sure to use the <emphasis role="strong">exact same
-<filename>*.orig.tar.{gz,bz2,lzma}</filename></emphasis> as used in the
+<filename>*.orig.tar.{gz,bz2,xz}</filename></emphasis> as used in the
normal archive, otherwise it is not possible to move the security fix into the
main archives later.
</para>
<title>Moving packages</title>
<para>
Sometimes a package will change its section. For instance, a package from the
-`non-free' section might be GPL'd in a later version, in which case the package
+<literal>non-free</literal> section might be GPL'd in a later version, in which case the package
should be moved to `main' or `contrib'.<footnote><para> See the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
guidelines on what section a package belongs in. </para> </footnote>
the package (see the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
details). You must ensure that you include the
-<filename>.orig.tar.{gz,bz2,lzma}</filename> in your upload (even if you are not uploading
+<filename>.orig.tar.{gz,bz2,xz}</filename> in your upload (even if you are not uploading
a new upstream version), or it will not appear in the new section together with
the rest of the package. If your new section is valid, it will be moved
automatically. If it does not, then contact the ftpmasters in order to
<replaceable>[architecture list]</replaceable> is optional and only needed
if the removal request only applies to some architectures, not all. Note
that the <command>reportbug</command> will create a title conforming
-to these rules when you use it to report a bug against the <literal>
-ftp.debian.org</literal> pseudo-package.
+to these rules when you use it to report a bug against the
+<literal>ftp.debian.org</literal> pseudo-package.
</para>
<para>
</para>
<para>
-Note that removals can only be done for the <literal>unstable
-</literal>, <literal>experimental</literal> and <literal>stable
-</literal> distribution. Packages are not removed from
+Note that removals can only be done for the <literal>unstable</literal>,
+<literal>experimental</literal> and <literal>stable</literal>
+distribution. Packages are not removed from
<literal>testing</literal> directly. Rather, they will be removed
automatically after the package has been removed from
-<literal>unstable</literal> and no package in <literal>testing
-</literal> depends on it.
+<literal>unstable</literal> and no package in
+<literal>testing</literal> depends on it.
</para>
<para>
There is one exception when an explicit removal request is not necessary: If a
-(source or binary) package is an orphan, it will be removed semi-automatically.
-For a binary-package, this means if there is no longer any source package
-producing this binary package; if the binary package is just no longer produced
-on some architectures, a removal request is still necessary. For a
-source-package, this means that all binary packages it refers to have been
+(source or binary) package is no longer built from source, it will be removed
+semi-automatically. For a binary-package, this means if there is no longer any
+source package producing this binary package; if the binary package is just no
+longer produced on some architectures, a removal request is still necessary. For
+a source-package, this means that all binary packages it refers to have been
taken over by another source package.
</para>
<para>
role="package">apt</systemitem> package. When invoked as <literal>apt-cache
showpkg <replaceable>package</replaceable></literal>, the program will show
details for <replaceable>package</replaceable>, including reverse depends.
-Other useful programs include <literal>apt-cache rdepends</literal>,
+Other useful programs include <command>apt-cache rdepends</command>,
<command>apt-rdepends</command>, <command>build-rdeps</command> (in the
<systemitem role="package">devscripts</systemitem> package) and
<command>grep-dctrl</command>. Removal of
you should follow a two-step process to rename it. In the first
step, change the <filename>debian/control</filename> file to
reflect the new name and to replace, provide and conflict with the
-obsolete package name (see the <ulink url="&url-debian-policy;">
-Debian Policy Manual</ulink> for details). Please note that you
+obsolete package name (see the <ulink url="&url-debian-policy;">Debian
+Policy Manual</ulink> for details). Please note that you
should only add a <literal>Provides</literal> relation if all
packages depending on the obsolete package name continue to work
after the renaming. Once you've uploaded the package and the package
-has moved into the archive, file a bug against <literal>
-ftp.debian.org</literal> asking to remove the package with the
+has moved into the archive, file a bug against <literal>ftp.debian.org</literal>
+asking to remove the package with the
obsolete name (see <xref linkend="removing-pkgs"/>). Do not forget
to properly reassign the package's bugs at the same time.
</para>
If you take over an old package, you probably want to be listed as the
package's official maintainer in the bug system. This will happen
automatically once you upload a new version with an updated
-<literal>Maintainer:</literal> field, although it can take a few hours after
+<literal>Maintainer</literal> field, although it can take a few hours after
the upload is done. If you do not expect to upload a new version for a while,
you can use <xref linkend="pkg-tracking-system"/> to get the bug reports.
However, make sure that the old maintainer has no problem with the fact that
different from the original architecture of the package maintainer's binary
package. It is a unique and essential activity. In fact, porters do most of
the actual compiling of Debian packages. For instance, when a maintainer
-uploads a (portable) source packages with binaries for the <literal>i386
-</literal> architecture, it will be built for each of the other architectures,
+uploads a (portable) source packages with binaries for the <literal>i386</literal>
+architecture, it will be built for each of the other architectures,
amounting to &number-of-arches; more builds.
</para>
<section id="kind-to-porters">
</listitem>
<listitem>
<para>
-Make sure your debian/rules contains separate <literal>binary-arch</literal>
+Make sure your <filename>debian/rules</filename> contains separate <literal>binary-arch</literal>
and <literal>binary-indep</literal> targets, as the Debian Policy Manual
requires. Make sure that both targets work independently, that is, that you
can call the target without having called the other before. To test this,
-m<replaceable>porter-email</replaceable></literal>. Of course, set
<replaceable>porter-email</replaceable> to your email address. This will do a
binary-only build of only the architecture-dependent portions of the package,
-using the <literal>binary-arch</literal> target in <filename>debian/rules
-</filename>.
+using the <literal>binary-arch</literal> target in
+<filename>debian/rules</filename>.
</para>
<para>
If you are working on a Debian machine for your porting efforts and you need to
You have to make sure that your binary-only NMU doesn't render the package
uninstallable. This could happen when a source package generates
arch-dependent and arch-independent packages that have inter-dependencies
-generated using dpkg's substitution variable <literal>$(Source-Version)
-</literal>.
+generated using dpkg's substitution variable <literal>$(Source-Version)</literal>.
</para>
<para>
Despite the required modification of the changelog, these are called
</para>
<para>
The ``magic'' for a recompilation-only NMU is triggered by using a suffix
-appended to the package version number, following the form <literal>
-b<replaceable>number</replaceable></literal>.
+appended to the package version number, following the form
+<literal>b<replaceable>number</replaceable></literal>.
For instance, if the latest version you are recompiling against was version
<literal>2.9-3</literal>, your binary-only NMU should carry a version of
-<literal>2.9-3+b1</literal>. If the latest version was <literal>3.4+b1
-</literal> (i.e, a native package with a previous recompilation NMU), your
-binary-only NMU should have a version number of <literal>3.4+b2</literal>.
-<footnote><para> In the past, such NMUs used the third-level number on the
+<literal>2.9-3+b1</literal>. If the latest version was <literal>3.4+b1</literal>
+(i.e, a native package with a previous recompilation NMU), your
+binary-only NMU should have a version number of <literal>3.4+b2</literal>.<footnote><para>
+In the past, such NMUs used the third-level number on the
Debian part of the revision to denote their recompilation-only status;
however, this syntax was ambiguous with native packages and did not allow
proper ordering of recompile-only NMUs, source NMUs, and security NMUs on
<title>When to do a source NMU if you are a porter</title>
<para>
Porters doing a source NMU generally follow the guidelines found in <xref
-linkend="nmu"/> , just like non-porters. However, it is expected that the wait
+linkend="nmu"/>, just like non-porters. However, it is expected that the wait
cycle for a porter's source NMU is smaller than for a non-porter, since porters
have to cope with a large quantity of packages. Again, the situation varies
depending on the distribution they are uploading to. It also varies whether
if the problem is critical and imposes hardship on the porting effort, at the
discretion of the porter group. (Remember, none of this is Policy, just
mutually agreed upon guidelines.) For uploads to <literal>stable</literal> or
-<literal>testing </literal>, please coordinate with the appropriate release
+<literal>testing</literal>, please coordinate with the appropriate release
team first.
</para>
<para>
<para>
The <systemitem role="package">wanna-build</systemitem> system is used as a
distributed, client-server build distribution system. It is usually used in
-conjunction with build daemons running the <systemitem role="package">buildd
-</systemitem> program. <literal>Build daemons</literal> are ``slave'' hosts
-which contact the central <systemitem role="package"> wanna-build</systemitem>
+conjunction with build daemons running the <systemitem role="package">buildd</systemitem>
+program. <literal>Build daemons</literal> are ``slave'' hosts
+which contact the central <systemitem role="package">wanna-build</systemitem>
system to receive a list of packages that need to be built.
</para>
<para>
enough to reproduce problems.
</para>
<para>
-Most of the data produced by <systemitem role="package">wanna-build
-</systemitem> which is generally useful to porters is available on the
+Most of the data produced by <systemitem role="package">wanna-build</systemitem>
+which is generally useful to porters is available on the
web at <ulink url="&url-buildd;"></ulink>. This data includes nightly
updated statistics, queueing information and logs for build attempts.
</para>
<listitem>
<para>
In order to prevent autobuilders from needlessly trying to build your package,
-it must be included in <filename>packages-arch-specific</filename>, a list used
+it must be included in <filename>Packages-arch-specific</filename>, a list used
by the <command>wanna-build</command> script. The current version is available
as <ulink url="&url-buildd-p-a-s;"/>;
please see the top of the file for whom to contact for changes.
</itemizedlist>
<para>
Please note that it is insufficient to only add your package to
-Packages-arch-specific without making it fail to build on unsupported
+<filename>Packages-arch-specific</filename> without making it fail to build on unsupported
architectures: A porter or any other person trying to build your package might
accidently upload it without noticing it doesn't work. If in the past some
binary packages were uploaded on unsupported architectures, request their
removal by filing a bug against <systemitem
-role="package">ftp.debian.org</systemitem>
+role="package">ftp.debian.org</systemitem>.
</para>
</section>
+<section id="non-free-buildd">
+<title>Marking non-free packages as auto-buildable</title>
+<para>
+By default packages from the <literal>non-free</literal> section are not built by the autobuilder
+network (mostly because the license of the packages could disapprove).
+To enable a package to be build you need to perform the following
+steps:
+</para>
+<orderedlist numeration="arabic">
+<listitem>
+<para>
+Check whether it is legally allowed and technically possible
+to auto-build the package;
+</para>
+</listitem>
+<listitem>
+<para>
+Add <literal>XS-Autobuild: yes</literal> into the header part
+of <filename>debian/control</filename>;
+</para>
+</listitem>
+<listitem>
+<para>
+Send an email to &email-nonfree-release; and explain why the
+package can legitimately and technically be auto-built.
+</para>
+</listitem>
+</orderedlist>
+</section>
</section>
<section id="nmu">
When doing an NMU, you must first make sure that your intention to NMU is
clear. Then, you must send a patch with the differences between the
current package and your proposed NMU to the BTS. The
-<literal>nmudiff</literal> script in the <literal>devscripts</literal> package
+<command>nmudiff</command> script in the <systemitem role="package">devscripts</systemitem> package
might be helpful.
</para>
<para>
While preparing the patch, you should better be aware of any package-specific
-practices that the maintainer might be using. Taking them into account reduces
-the burden of getting your changes integrated back in the normal package
-workflow and thus increases the possibilities that that will happen. A good
+practices that the maintainer might be using. Taking them into account
+reduces the burden of integrating your changes into the normal package
+workflow and thus increases the chances that integration will happen. A good
place where to look for for possible package-specific practices is
-<ulink url="&url-debian-policy;ch-source.html#s-readmesource"><literal>debian/README.source</literal></ulink>.
+<ulink url="&url-debian-policy;ch-source.html#s-readmesource"><filename>debian/README.source</filename></ulink>.
</para>
<para>
Unless you have an excellent reason not to do so, you must then give some time
<itemizedlist>
<listitem>
<para>
+Upload fixing only release-critical bugs older than 7 days, with no maintainer activity on the bug for 7 days and no indication that a fix is in progress: 0 days
+</para>
+</listitem>
+<listitem>
+<para>
Upload fixing only release-critical bugs older than 7 days: 2 days
</para>
</listitem>
</section>
<section id="nmu-changelog">
-<title>NMUs and debian/changelog</title>
+<title>NMUs and <filename>debian/changelog</filename></title>
<para>
Just like any other (source) upload, NMUs must add an entry to
-<literal>debian/changelog</literal>, telling what has changed with this
+<filename>debian/changelog</filename>, telling what has changed with this
upload. The first line of this entry must explicitely mention that this upload is an NMU, e.g.:
</para>
<screen>
The way to version NMUs differs for native and non-native packages.
</para>
<para>
-If the package is a native package (without a debian revision in the version number),
+If the package is a native package (without a Debian revision in the version number),
the version must be the version of the last maintainer upload, plus
<literal>+nmu<replaceable>X</replaceable></literal>, where
<replaceable>X</replaceable> is a counter starting at <literal>1</literal>.
version <literal>1.5+nmu1</literal>.
</para>
<para>
-If the package is a not a native package, you should add a minor version number
-to the debian revision part of the version number (the portion after the last
-hyphen). This extra number must start at 1. For example,
+If the package is not a native package, you should add a minor version number
+to the Debian revision part of the version number (the portion after the last
+hyphen). This extra number must start at <literal>1</literal>. For example,
if the current version is <literal>1.5-2</literal>, then an NMU would get
version <literal>1.5-2.1</literal>. If a new upstream version
-is packaged in the NMU, the debian revision is set to <literal>0</literal>, for
+is packaged in the NMU, the Debian revision is set to <literal>0</literal>, for
example <literal>1.6-0.1</literal>.
</para>
<para>
When the release number is not yet known (often the case for
<literal>testing</literal>, at the beginning of release cycles), the lowest
release number higher than the last stable release number must be used. For
-example, while Etch (Debian 4.0) is stable, a security NMU to stable for a
+example, while Lenny (Debian 5.0) is stable, a security NMU to stable for a
package at version <literal>1.5-3</literal> would have version
-<literal>1.5-3+deb40u1</literal>, whereas a security NMU to Lenny would get
-version <literal>1.5-3+deb50u1</literal>. After the release of Lenny, security
+<literal>1.5-3+deb50u1</literal>, whereas a security NMU to Squeeze would get
+version <literal>1.5-3+deb60u1</literal>. After the release of Squeeze, security
uploads to the <literal>testing</literal> distribution will be versioned
-<literal>+deb51uZ</literal>, until it is known whether that release will be
-Debian 5.1 or Debian 6.0 (if that becomes the case, uploads will be versioned
-as <literal>+deb60uZ</literal>.
+<literal>+deb61uZ</literal>, until it is known whether that release will be
+Debian 6.1 or Debian 7.0 (if that becomes the case, uploads will be versioned
+as <literal>+deb70uZ</literal>).
</para>
</section>
<para>
BinNMUs are usually triggered on the buildds by wanna-build.
-An entry is added to debian/changelog,
+An entry is added to <filename>debian/changelog</filename>,
explaining why the upload was needed and increasing the version number as
described in <xref linkend="binary-only-nmu"/>.
This entry should not be included in the next upload.
<para>
Buildds upload packages for their architecture to the archive as binary-only
uploads. Strictly speaking, these are binNMUs. However, they are not normally
-called NMU, and they don't add an entry to debian/changelog.
+called NMU, and they don't add an entry to <filename>debian/changelog</filename>.
</para>
</section>
<para>
QA uploads are very much like normal maintainer uploads: they may fix anything,
even minor issues; the version numbering is normal, and there is no need to use
-a delayed upload. The difference is that you are not listed as the Maintainer
-or Uploader for the package. Also, the changelog entry of a QA upload has a
+a delayed upload. The difference is that you are not listed as the <literal>Maintainer</literal>
+or <literal>Uploader</literal> for the package. Also, the changelog entry of a QA upload has a
special first line:
</para>
<para>
Sometimes you are fixing and/or updating a package because you are member of a
-packaging team (which uses a mailing list as Maintainer or Uploader, see <xref
-linkend="collaborative-maint"/>) but you don't want to add yourself to Uploaders
+packaging team (which uses a mailing list as <literal>Maintainer</literal> or <literal>Uploader</literal>, see <xref
+linkend="collaborative-maint"/>) but you don't want to add yourself to <literal>Uploaders</literal>
because you do not plan to contribute regularly to this specific package. If it
conforms with your team's policy, you can perform a normal upload without
-being listed directly as Maintainer or Uploader. In that case, you should
-start your changelog entry with the following line: <code> * Team upload.</code>.
+being listed directly as <literal>Maintainer</literal> or <literal>Uploader</literal>. In that case, you should
+start your changelog entry with the following line:
</para>
+<screen>
+ * Team upload.
+</screen>
+
</section>
</section>
maintenance duties by several people. This collaboration is almost always a
good idea, since it generally results in higher quality and faster bug fix
turnaround times. It is strongly recommended that packages with a priority of
-<literal>Standard</literal> or which are part of the base set have
+<literal>standard</literal> or which are part of the base set have
co-maintainers.
</para>
<para>
<para>
Setup the co-maintainer with access to the sources you build the package from.
Generally this implies you are using a network-capable version control system,
-such as <command>CVS</command> or <command>Subversion</command>. Alioth (see
+such as <literal>CVS</literal> or <literal>Subversion</literal>. Alioth (see
<xref linkend="alioth"/>) provides such tools, amongst others.
</para>
</listitem>
<para>
Another form of collaborative maintenance is team maintenance, which is
recommended if you maintain several packages with the same group of developers.
-In that case, the Maintainer and Uploaders field of each package must be
+In that case, the <literal>Maintainer</literal> and <literal>Uploaders</literal> field of each package must be
managed with care. It is recommended to choose between one of the two
following schemes:
</para>
<orderedlist numeration="arabic">
<listitem>
<para>
-Put the team member mainly responsible for the package in the Maintainer field.
-In the Uploaders, put the mailing list address, and the team members who care
+Put the team member mainly responsible for the package in the <literal>Maintainer</literal> field.
+In the <literal>Uploaders</literal>, put the mailing list address, and the team members who care
for the package.
</para>
</listitem>
<listitem>
<para>
-Put the mailing list address in the Maintainer field. In the Uploaders field,
+Put the mailing list address in the <literal>Maintainer</literal> field. In the <literal>Uploaders</literal> field,
put the team members who care for the package. In this case, you must make
sure the mailing list accept bug reports without any human interaction (like
moderation for non-subscribers).
<para>
In any case, it is a bad idea to automatically put all team members in the
-Uploaders field. It clutters the Developer's Package Overview listing (see
+<literal>Uploaders</literal> field. It clutters the Developer's Package Overview listing (see
<xref linkend="ddpo"/>) with packages one doesn't really care for, and creates
a false sense of good maintenance. For the same reason, team members do
-not need to add themselves to the Uploaders field just because they are
+not need to add themselves to the <literal>Uploaders</literal> field just because they are
uploading the package once, they can do a “Team upload” (see <xref
-linkend="nmu-team-upload"/>). Conversely, it it a bad idea to keep a
-package with only the mailing list address as a Maintainer and no
-Uploaders.
+linkend="nmu-team-upload"/>). Conversely, it is a bad idea to keep a
+package with only the mailing list address as a <literal>Maintainer</literal> and no
+<literal>Uploaders</literal>.
</para>
</section>
<para>
They must be in sync on all architectures and mustn't have dependencies that
make them uninstallable; they also have to have generally no known
-release-critical bugs at the time they're installed into <literal>testing
-</literal>. This way, <literal>testing</literal> should always be close to
+release-critical bugs at the time they're installed into <literal>testing</literal>.
+This way, <literal>testing</literal> should always be close to
being a release candidate. Please see below for details.
</para>
</section>
<listitem>
<para>
It must be available on all architectures on which it has previously been built
-in <literal>unstable</literal>. <xref linkend="dak-ls"/> may be of interest
+in <literal>unstable</literal>. <link linkend="dak-ls">dak ls</link> may be of interest
to check that information;
</para>
</listitem>
The packages on which it depends must either be available in
<literal>testing</literal> or they must be accepted into
<literal>testing</literal> at the same time (and they will be if they fulfill
-all the necessary criteria);
+all the necessary criteria).
</para>
</listitem>
</itemizedlist>
</para>
<para>
Sometimes, some packages never enter <literal>testing</literal> because the
-set of inter-relationship is too complicated and cannot be sorted out by the
+set of interrelationship is too complicated and cannot be sorted out by the
scripts. See below for details.
</para>
<para>
shows build dependencies which are not considered by britney.
</para>
<section id="outdated">
-<title>out-of-date</title>
+<title>Out-of-date</title>
<para>
<!-- FIXME: better rename this file than document rampant professionalism? -->
For the <literal>testing</literal> migration script, outdated means: There are
</tgroup>
</informaltable>
<para>
-The package is out of date on alpha in <literal>unstable</literal>, and will
+The package is out of date on <literal>alpha</literal> in <literal>unstable</literal>, and will
not go to <literal>testing</literal>. Removing the package would not help at all, the
package is still out of date on <literal>alpha</literal>, and will not
-propagate to testing.
+propagate to <literal>testing</literal>.
</para>
<para>
However, if ftp-master removes a package in <literal>unstable</literal> (here
be removed to allow <literal>b</literal> in.
</para>
<para>
-Of course, there is another reason to remove a package from <literal>testing
-</literal>: It's just too buggy (and having a single RC-bug is enough to be
+Of course, there is another reason to remove a package from <literal>testing</literal>:
+It's just too buggy (and having a single RC-bug is enough to be
in this state).
</para>
<para>
</section>
<section id="circular">
-<title>circular dependencies</title>
+<title>Circular dependencies</title>
<para>
A situation which is not handled very well by britney is if package
<literal>a</literal> depends on the new version of package
</section>
<section id="s5.13.2.4">
-<title>influence of package in testing</title>
+<title>Influence of package in testing</title>
<para>
-Generally, there is nothing that the status of a package in <literal>testing
-</literal> means for transition of the next version from <literal>unstable
-</literal> to <literal>testing</literal>, with two exceptions:
+Generally, there is nothing that the status of a package in <literal>testing</literal>
+means for transition of the next version from <literal>unstable</literal>
+to <literal>testing</literal>, with two exceptions:
If the RC-bugginess of the package goes down, it may go in even if it is still
-RC-buggy. The second exception is if the version of the package in <literal>
-testing</literal> is out of sync on the different arches: Then any arch might
+RC-buggy. The second exception is if the version of the package in
+<literal>testing</literal> is out of sync on the different arches: Then any arch might
just upgrade to the version of the source package; however, this can happen
only if the package was previously forced through, the arch is in fuckedarches,
-or there was no binary package of that arch present in <literal>unstable
-</literal> at all during the <literal>testing</literal> migration.
+or there was no binary package of that arch present in <literal>unstable</literal>
+at all during the <literal>testing</literal> migration.
</para>
<para>
-In summary this means: The only influence that a package being in <literal>
-testing</literal> has on a new version of the same package is that the new
+In summary this means: The only influence that a package being in
+<literal>testing</literal> has on a new version of the same package is that the new
version might go in easier.
</para>
</section>
<section id="details">
-<title>details</title>
+<title>Details</title>
<para>
If you are interested in details, this is how britney works:
</para>
is not described here. If you're interested in that, please peruse the code.)
</para>
<para>
-Now, the more complex part happens: Britney tries to update <literal>testing
-</literal> with the valid candidates. For that, britney tries to add each
+Now, the more complex part happens: Britney tries to update <literal>testing</literal>
+with the valid candidates. For that, britney tries to add each
valid candidate to the testing distribution. If the number of uninstallable
packages in <literal>testing</literal> doesn't increase, the package is
accepted. From that point on, the accepted package is considered to be part
before or after this main run, depending on the exact type.
</para>
<para>
-If you want to see more details, you can look it up on
-<filename>merkel:/org/&ftp-debian-org;/testing/update_out/</filename> (or
-in <filename>merkel:~aba/testing/update_out</filename> to see a setup with
-a smaller packages file). Via web, it's at <ulink
-url="http://&ftp-master-host;/testing/update_out_code/"></ulink>
+If you want to see more details, you can look it up on <ulink
+url="http://&ftp-master-host;/testing/update_output/"></ulink>.
</para>
<para>
The hints are available via <ulink
<para>
The <literal>testing</literal> distribution is fed with packages from
<literal>unstable</literal> according to the rules explained above. However,
-in some cases, it is necessary to upload packages built only for <literal>
-testing</literal>. For that, you may want to upload to <literal>
-testing-proposed-updates</literal>.
+in some cases, it is necessary to upload packages built only for
+<literal>testing</literal>. For that, you may want to upload to
+<literal>testing-proposed-updates</literal>.
</para>
<para>
Keep in mind that packages uploaded there are not automatically processed, they
<para>
You should not upload to <literal>testing-proposed-updates</literal> when you
can update your packages through <literal>unstable</literal>. If you can't
-(for example because you have a newer development version in <literal>unstable
-</literal>), you may use this facility, but it is recommended that you ask for
+(for example because you have a newer development version in <literal>unstable</literal>),
+you may use this facility, but it is recommended that you ask for
authorization from the release manager first. Even if a package is frozen,
updates through <literal>unstable</literal> are possible, if the upload via
<literal>unstable</literal> does not pull in any new dependencies.
<para>
Version numbers are usually selected by adding the codename of the
<literal>testing</literal> distribution and a running number, like
-<literal>1.2sarge1</literal> for the first upload through
+<literal>1.2squeeze1</literal> for the first upload through
<literal>testing-proposed-updates</literal> of package version
<literal>1.2</literal>.
</para>
<listitem>
<para>
Make sure that your package really needs to go through
-<literal>testing-proposed-updates</literal>, and can't go through <literal>
-unstable</literal>;
+<literal>testing-proposed-updates</literal>, and can't go through
+<literal>unstable</literal>;
</para>
</listitem>
<listitem>
Such bugs are presumed to have an impact on the chances that the package will
be released with the <literal>stable</literal> release of Debian: in general,
if a package has open release-critical bugs filed on it, it won't get into
-<literal>testing</literal>, and consequently won't be released in <literal>
-stable</literal>.
+<literal>testing</literal>, and consequently won't be released in
+<literal>stable</literal>.
</para>
<para>
The <literal>unstable</literal> bug count are all release-critical bugs which
-are marked to apply to <replaceable>package</replaceable>/<replaceable>version
-</replaceable> combinations that are available in unstable for a release
+are marked to apply to <replaceable>package</replaceable>/<replaceable>version</replaceable>
+combinations that are available in unstable for a release
architecture. The <literal>testing</literal> bug count is defined analogously.
</para>
</section>
The structure of the distribution archives is such that they can only contain
one version of a package; a package is defined by its name. So when the source
package <literal>acmefoo</literal> is installed into <literal>testing</literal>,
-along with its binary packages <literal>acme-foo-bin</literal>, <literal>
-acme-bar-bin</literal>, <literal>libacme-foo1</literal> and <literal>
-libacme-foo-dev</literal>, the old version is removed.
+along with its binary packages <literal>acme-foo-bin</literal>,
+<literal>acme-bar-bin</literal>, <literal>libacme-foo1</literal> and
+<literal>libacme-foo-dev</literal>, the old version is removed.
</para>
<para>
However, the old version may have provided a binary package with an old soname