header (don't use CC:, because that way the message's subject won't
indicate the bug number). If you are packaging so many new packages (>10)
that notifying the mailing list in seperate messages is too disruptive,
-do send a summary after filing the bugs to the debian-devel list instead.
+send a summary after filing the bugs to the debian-devel list instead.
This will inform the other developers about upcoming packages and will
allow a review of your description and package name.
</para>
<para>
-Please include a <literal>Closes:
-bug#<replaceable>nnnnn</replaceable></literal> entry in the changelog of the
-new package in order for the bug report to be automatically closed once the new
-package is installed in the archive (see <xref linkend="upload-bugfix"/> ).
+Please include a <literal>Closes: #<replaceable>nnnnn</replaceable></literal>
+entry in the changelog of the new package in order for the bug report to
+be automatically closed once the new package is installed in the archive
+(see <xref linkend="upload-bugfix"/>).
</para>
<para>
If you think your package needs some explanations for the administrators of the
<listitem>
<para>
the (more common) packages where there's an original source tarball file
-accompanied by another file that contains the patches applied for Debian
+accompanied by another file that contains the changes made by Debian
</para>
</listitem>
</itemizedlist>
<para>
For the native packages, the source package includes a Debian source control
file (<literal>.dsc</literal>) and the source tarball
-(<literal>.tar.gz</literal>). A source package of a non-native package
+(<literal>.tar.{gz,bz2,lzma}</literal>). A source package of a non-native package
includes a Debian source control file, the original source tarball
-(<literal>.orig.tar.gz</literal>) and the Debian patches
-(<literal>.diff.gz</literal>).
+(<literal>.orig.tar.{gz,bz2,lzma}</literal>) and the Debian changes
+(<literal>.diff.gz</literal> for the source format “1.0” or
+<literal>.debian.tar.{gz,bz2,lzma}</literal> for the source format “3.0 (quilt)”).
</para>
<para>
-Whether a package is native or not is determined when it is built by
-<citerefentry> <refentrytitle>dpkg-buildpackage</refentrytitle>
-<manvolnum>1</manvolnum> </citerefentry>. The rest of this section relates
-only to non-native packages.
+With source format “1.0”, whether a package is native or not was determined
+by <command>dpkg-source</command> at build time. Nowadays it is recommended
+to be explicit about the desired source format by putting either “3.0 (quilt)”
+or “3.0 (native)” in <filename>debian/source/format</filename>.
+The rest of this section relates only to non-native packages.
</para>
<para>
The first time a version is uploaded which corresponds to a particular upstream
<para>
By default, <command>dpkg-genchanges</command> and
<command>dpkg-buildpackage</command> will include the original source tar file
-if and only if the Debian revision part of the source version number is 0 or 1,
-indicating a new upstream version. This behavior may be modified by using
+if and only if the current changelog entry has a different upstream version
+from the preceding entry. This behavior may be modified by using
<literal>-sa</literal> to always include it or <literal>-sd</literal> to always
leave it out.
</para>
</para>
<para>
Please notice that, in non-native packages, permissions on files that are not
-present in the .orig.tar.gz will not be preserved, as diff does not store file
-permissions in the patch.
+present in the .orig.tar.{gz,bz2} will not be preserved, as diff does not store file
+permissions in the patch. However when using source format “3.0 (quilt)”,
+permissions of files inside the <filename>debian</filename> directory are
+preserved since they are stored in a tar archive.
</para>
</section>
<title>Special case: uploads to the <literal>stable</literal> and
<literal>oldstable</literal> distributions</title>
<para>
-Uploading to <literal>stable</literal> means that the package will transfered
+Uploading to <literal>stable</literal> means that the package will transferred
to the <literal>proposed-updates-new</literal> queue for review by the stable
release managers, and if approved will be installed in
<filename>stable-proposed-updates</filename> directory of the Debian archive.
<title>The Security Tracker</title>
<para>
The security team maintains a central database, the
-<ulink url="http://security-tracker.debian.net/">Debian Security Tracker</ulink>.
+<ulink url="http://security-tracker.debian.org/">Debian Security Tracker</ulink>.
This contains all public information that is known about security issues:
which packages and versions are affected or fixed, and thus whether stable,
testing and/or unstable are vulnerable. Information that is still confidential
</para>
<para>
The Security Team has a PGP-key to enable encrypted communication about
-sensitive issues. See the <ulink url="http://www.debian.org/security/faq.en.html#contact">Security Team FAQ</ulink> for details.
+sensitive issues. See the <ulink url="http://www.debian.org/security/faq#contact">Security Team FAQ</ulink> for details.
</para>
</section>
<emphasis role="strong">Target the right distribution</emphasis>
in your <filename>debian/changelog</filename>.
For <literal>stable</literal> this is <literal>stable-security</literal> and
-for testing this is <literal>testing-security</literal>, and for the previous
+for <literal>testing</literal> this is <literal>testing-security</literal>, and for the previous
stable release, this is <literal>oldstable-security</literal>. Do not target
<replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
<literal>stable</literal>!
<listitem>
<para>
Be sure to use the <emphasis role="strong">exact same
-<filename>*.orig.tar.gz</filename></emphasis> as used in the
+<filename>*.orig.tar.{gz,bz2}</filename></emphasis> as used in the
normal archive, otherwise it is not possible to move the security fix into the
main archives later.
</para>
the package (see the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
details). You must ensure that you include the
-<filename>.orig.tar.gz</filename> in your upload (even if you are not uploading
+<filename>.orig.tar.{gz,bz2}</filename> in your upload (even if you are not uploading
a new upstream version), or it will not appear in the new section together with
the rest of the package. If your new section is valid, it will be moved
automatically. If it does not, then contact the ftpmasters in order to
you wish to replace the upstream source tarball of your package, you will need
to upload it with a different version. An easy possibility is to replace
<filename>foo_1.00.orig.tar.gz</filename> with
-<filename>foo_1.00+0.orig.tar.gz</filename>. This restriction gives each file
-on the ftp site a unique name, which helps to ensure consistency across the
-mirror network.
+<filename>foo_1.00+0.orig.tar.gz</filename> or
+<filename>foo_1.00.orig.tar.bz2</filename>. This restriction gives each
+file on the ftp site a unique name, which helps to ensure consistency
+across the mirror network.
</para>
</section>
In order to prevent autobuilders from needlessly trying to build your package,
it must be included in <filename>packages-arch-specific</filename>, a list used
by the <command>wanna-build</command> script. The current version is available
-as <ulink
-url="&url-cvsweb;srcdep/Packages-arch-specific?cvsroot=dak"></ulink>;
+as <ulink url="&url-buildd-p-a-s;"/>;
please see the top of the file for whom to contact for changes.
</para>
</listitem>
</section>
+<section id="nmu-team-upload">
+<title>NMUs vs team uploads</title>
+
+<para>
+Sometimes you are fixing and/or updating a package because you are member of a
+packaging team (which uses a mailing list as Maintainer or Uploader, see <xref
+linkend="collaborative-maint"/>) but you don't want to add yourself to Uploaders
+because you do not plan to contribute regularly to this specific package. If it
+conforms with your team's policy, you can perform a normal upload without
+being listed directly as Maintainer or Uploader. In that case, you should
+start your changelog entry with the following line: <code> * Team upload.</code>.
+</para>
+
+</section>
+
</section>
<section id="collaborative-maint">
</para>
</listitem>
</orderedlist>
+
<para>
In any case, it is a bad idea to automatically put all team members in the
-Uploaders field. It clutters the Developer's Package Overview listing (see
+Uploaders field. It clutters the Developer's Package Overview listing (see
<xref linkend="ddpo"/> ) with packages one doesn't really care for, and creates
-a false sense of good maintenance.
+a false sense of good maintenance. For the same reason, team members do
+not need to add themselves to the Uploaders field just because they are
+uploading the package once, they can do a “Team upload” (see <xref
+linkend="nmu-team-upload"/>). Conversely, it it a bad idea to keep a
+package with only the mailing list address as a Maintainer and no
+Uploaders.
</para>
</section>