X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=developers-reference.sgml;h=26f9f3450540646aa1a48e6a11520b80a9a72d55;hb=d435c3ecc576c1551bba2714b96c839ac30397e1;hp=79a60492c16be7e96d672822c15bbfe7108037ea;hpb=8e61d80da8ddea01cc9381b35c986c11aba067b4;p=developers-reference.git

diff --git a/developers-reference.sgml b/developers-reference.sgml
index 79a6049..26f9f34 100644
--- a/developers-reference.sgml
+++ b/developers-reference.sgml
@@ -6,7 +6,7 @@
   <!entity % commondata  SYSTEM "common.ent" > %commondata;
 
   <!-- CVS revision of this document -->
-  <!entity cvs-rev "$Revision: 1.125 $">
+  <!entity cvs-rev "$Revision: 1.128 $">
   <!-- if you are translating this document, please notate the CVS
        revision of the developers reference here -->
   <!--
@@ -659,8 +659,12 @@ resource to search the list of Debian developers.  For information on
 keeping your entry the developer database up-to-date, see <ref
 id="user-maint">. Part of this information is also available through
 the finger service on Debian servers, try
-<prgn>finger yourlogin@debian.org</prgn> to see what it reports.
-
+<prgn>finger yourlogin@db.debian.org</prgn> to see what it reports.
+	<p>
+This database lets you register some other information like public SSH
+keys that will be automatically installed on the official debian machines
+or like *.debian.net DNS entry. Those features are documented
+here : <url id="&url-debian-db-mail-gw;">
 
     <sect id="servers-mirrors">Mirrors of Debian servers
 	<p>
@@ -1303,6 +1307,21 @@ notifications, you just have to make sure it sends a copy of those mails
 to <tt><var>srcpackage</var>_cvs@&pts-host;</tt>. Only people who
 accepts the <em>cvs</em> keyword will receive the notifications.
 
+    <sect id="ddpo">Developer's packages overview
+	<p>
+This is a nice web portal that displays a table of all the packages
+of a single developer (including those where he's listed as
+co-maintainer). The table gives a good summary about his
+packages : number of bugs by severity, list of available versions in each
+distributon, testing status and much more including links to any other
+useful information.
+	<p>
+It is a very good idea to take a look at this table regularly so that
+you don't forget any open bug and so that you don't forget which
+packages are under your responsibility.
+	<p>
+You will find everything here : <url id="&url-ddpo;">
+
 
    <chapt id="pkgs">Managing Packages
 	<p>
@@ -1471,69 +1490,25 @@ byte-for-byte identical with the one already in the archive.
 	  <p>
 The <tt>Distribution</tt> field, which originates from the first line of
 the <file>debian/changelog</file> file, indicates which distribution the
-package is intended for.
-	  <p>
-There are three possible values for this field: `stable', `unstable',
-and `experimental'. Normally, packages are uploaded into
-<em>unstable</em>.
+package is intended for. 
 	  <p>
-You should avoid combining `stable' with others because of potential
-problems with library dependencies (for your package and for the package
-built by the build daemons for other architecture).
-See <ref id="upload-stable"> for more information on when and how to
-upload to <em>stable</em>.
+There are several possible values for this field: `stable', `unstable',
+`testing-proposed-updates' and `experimental'. Normally, packages are uploaded into
+<em>unstable</em>. Actually, there are two other possible distributions:
+`stable-security' and `testing-security'. However they are used by the
+security team; do not upload there without their agreement.
 	  <p>
-It never makes sense to combine the <em>experimental</em> distribution
-with anything else.
-
-<!-- 
-	  <sect2 id="upload-frozen">Uploading to <em>frozen</em>
-	    <p>
-The Debian freeze is a crucial time for Debian.  It is our chance to
-synchronize and stabilize our distribution as a whole.  Therefore,
-care must be taken when uploading to <em>frozen</em>.
-	    <p>
-It is tempting to always try to get the newest release of software
-into the release.  However, it's much more important that the system
-as a whole is stable and works as expected.
-	    <p>
-The watchword for uploading to <em>frozen</em> is <strong>no new
-code</strong>.  This is a difficult thing to quantify, so here are
-some guidelines:
-	    <p>
-<list>
-		<item>
-Fixes for bugs of severity <em>critical</em>, <em>grave</em>, or
-<em>serious</em> severity are always allowed for those packages that
-must exist in the final release
-		<item>
-<em>critical</em>, <em>grave</em>, and <em>serious</em> bug fixes are
-allowed for non-necessary packages but only if they don't add any new
-features
-		<item>
-important, normal and minor bug fixes are allowed (though discouraged)
-on all packages if and only if there are no new features
-		<item>
-wishlist fixes are not allowed (they are, after all, not really bugs)
-		<item>
-documentation bug fixes are allowed, since good documentation is
-important
-	      </list>
-	    <p>
-Experience has shown that there is statistically a 15% chance that
-every bug fix will introduce a new bug.  The introduction and
-discovery of new bugs either delays release or weakens the final
-product.  There is little correlation between the severity of the
-original bug fixed and the severity of the bug newly introduced by the
-fix.
-
- -->
+It is technically possible to upload a package into several distributions
+at the same time but it usually doesn't make sense to use that feature
+because the dependencies of the package may vary with the distribution.
+In particular, it never makes sense to combine the <em>experimental</em>
+distribution with anything else.
 
 
 	  <sect3 id="upload-stable">Uploading to <em>stable</em>
 	    <p>
 Uploading to <em>stable</em> means that the package will be placed into the
-<file>proposed-updates</file> directory of the Debian archive for further
+<file>stable-proposed-updates</file> directory of the Debian archive for further
 testing before it is actually included in <em>stable</em>.
 	    <p>
 Extra care should be taken when uploading to <em>stable</em>. Basically, a
@@ -1560,13 +1535,29 @@ packages (by messing with <tt>Provides</tt> or shlibs files), possibly making
 those other packages uninstallable, is strongly discouraged.
 	    <p>
 The Release Team (which can be reached at &email-debian-release;) will
-regularly evaluate the uploads in <em>proposed-updates</em> and decide if
+regularly evaluate the uploads in <em>stable-proposed-updates</em> and decide if
 your package can be included in <em>stable</em>. Please be clear (and
 verbose, if necessary) in your changelog entries for uploads to
 <em>stable</em>, because otherwise the package won't be considered for
 inclusion.
 
-
+	  <sect3 id="upload-t-p-u">Uploading to <em>testing-proposed-updates</em>
+	    <p>
+The testing distribution is fed with packages from unstable according to the rules
+explained in <ref id="testing">. However, the release manager may stop the testing
+scripts when he wants to freeze the distribution. In that case, you may want to
+upload to <em>testing-proposed-udaptes</em> to provide fixed packages during the freeze.
+	    <p>
+Keep in mind that packages uploaded there are not automatically processed, they
+have to go through the hands of the release manager. So you'd better have a good
+reason to upload there. In order to know what a good reason is in the
+release manager's eyes, you should read the instructions that he regularly
+gives on &email-debian-devel-announce;.
+	    <p>
+You should not upload to <em>testing-proposed-updates</em> when you can update your
+packages through <em>unstable</em>. If you can't (for example because you have a
+newer development version in unstable), you may use it but it is recommended to ask
+the authorization of the release manager before.
 
       <sect1 id="uploading">Uploading a package
 
@@ -1854,13 +1845,8 @@ distribution, i.e., stable, unstable, or experimental.  Porters have
 slightly different rules than non-porters, due to their unique
 circumstances (see <ref id="source-nmu-when-porter">).
 	<p>
-When a security bug is detected, a fixed package should be uploaded
-as soon as possible. In this case, the Debian security officers get in
-contact with the package maintainer to make sure a fixed package is
-uploaded within a reasonable time (less than 48 hours). If the package
-maintainer cannot provide a fixed package fast enough or if he/she
-cannot be reached in time, a security officer may upload a fixed
-package (i.e., do a source NMU).
+When a security bug is detected, the security team may do an NMU.
+Please refer to <ref id="bug-security"> for more information.
 	<p>
 During the release cycle (see <ref id="sec-dists">), NMUs which fix
 serious or higher severity bugs are encouraged and accepted.  Even
@@ -1869,14 +1855,14 @@ maintainer of the package; they might be just about to upload a fix
 for the problem.  As with any source NMU, the guidelines found in <ref
 id="nmu-guidelines"> need to be followed.
 	<p>
-Bug fixes to unstable by non-maintainers are also acceptable, but only
-as a last resort or with permission.  The following protocol should
-be respected to do an NMU:
+Uploading bug fixes to unstable by non-maintainers should only be done
+by following this protocol:
 	<p>
 <list>
 	    <item>
-Make sure that the package's bug is in the Debian Bug Tracking System
-(BTS).  If not, submit a bug.  
+Make sure that the package's bugs that the NMU is meant to address are all
+filed in the Debian Bug Tracking System (BTS).
+If they are not, submit them immediately.
 	    <item>
 Wait a few days the response from the maintainer. If you don't get
 any response, you may want to help him by sending the patch that fixes
@@ -1897,7 +1883,15 @@ to cancel the NMU.
 Follow what happens, you're responsible for any bug that you introduced
 with your NMU. You should probably use <ref id="pkg-tracking-system"> (PTS)
 to stay informed of the state of the package after your NMU.
-	  </list>
+</list>
+	<p>
+At times, the release manager or an organized group of developers can
+announce a certain period of time in which the NMU rules are relaxed.
+This usually involves shortening the period during which one is to wait
+before uploading the fixes, and shortening the DELAYED period. It is
+important to notice that even in these so-called "bug squashing party"
+times, the NMUer has to file bugs and contact the developer first,
+and act later.
 
       <sect1 id="nmu-guidelines">How to do a source NMU
 	<p>
@@ -2408,6 +2402,17 @@ that package, and the package has moved into the archive, file a bug
 against <tt>ftp.debian.org</tt> asking to remove the package with the
 obsolete name. Do not forget to properly reassign the package's bugs
 at the same time.
+	<p>
+At other times, you may make a mistake in constructing your package, and
+wish to replace it. The only way to do this is to increase the version
+number, and upload a new version. The old version will be expired in
+the usual manner.  Note that this applies to each part of your package,
+including the sources: if you wish to replace the upstream source tarball
+of your package, you will need to upload it with a different version. An
+easy possibility is to replace <file>foo_1.00.orig.tar.gz</file> with
+<file>foo_1.00+0.orig.tar.gz</file>. This restriction gives each file
+on the ftp site a unique name, which helps to ensure consistency across the
+mirror network.
 
       <sect1 id="orphaning">Orphaning a package
 	<p>
@@ -2543,9 +2548,8 @@ to let people know that the bug exists but that it won't be corrected.
 If this situation is unacceptable, you (or the submitter) may want to
 require a decision of the technical committee by reassigning the bug
 to <package>tech-ctte</package> (you may use the clone command of
-the BTS if you wish to keep it reported against your package).
-<!-- FIXME: Follow the procedure described at 
-     tech-ctte-url (there's no such url yet). -->
+the BTS if you wish to keep it reported against your package). Before
+doing so, please read the <url id="&url-tech-ctte;" name="recommended procedure">.
     <item>
 If the bug is real but it's caused by another package, just reassign
 the bug the right package. If you don't know which package it should
@@ -2599,6 +2603,7 @@ maintainers with security problems or fix them themselves, sending
 security advisories, and maintaining security.debian.org.
 
 <!-- information about the security database goes here once it's ready -->
+<!-- (mdz) -->
 
         <sect2 id="bug-security-you">What to do when you learn of a
         security problem
@@ -2744,10 +2749,12 @@ When packaging the fix, keep the following points in mind:
     new version to unstable first.
 
     <item>Do not make source-only uploads if your package has any
-    binary-all packages. The buildd infrastructure will not build
-    those. This point applies to normal package uploads as well.
+    binary-all packages (do not use the <tt>-S</tt> option to
+    <prgn>dpkg-buildpackage</prgn>).  The buildd infrastructure will
+    not build those. This point applies to normal package uploads as
+    well.
 
-    <item>Always upload with full source (use the <tt>-sa</tt> option
+    <item>Always build with full source (use the <tt>-sa</tt> option
     for <prgn>dpkg-buildpackage</prgn>).
 
     <item>Be sure to use the exact same .orig.tar.gz as used in the
@@ -2759,28 +2766,34 @@ When packaging the fix, keep the following points in mind:
     are building for. If you do not have such a system yourself, you
     can use a debian.org machine (see <ref id="server-machines">)
     or setup a chroot (see <ref id="pbuilder"> and
-    <ref if="debootstrap">).
+    <ref id="debootstrap">).
 </list>
 
       <sect2 id="bug-security-upload">Uploading the fixed package
-      <p>
-Once you have created and tested the new package, it needs to be
-uploaded so it can be installed in the archives. For security uploads,
-the place to upload to is
+<p>
+<em>DO NOT</em> upload a package to the security upload queue without
+prior authorization from the security team.  If the package does not
+exactly meet the team's requirements, it will cause many problems and
+delays in dealing with the unwanted upload.
+<p>
+Once you have created and tested the new package, and it has been
+approved by the security team, it needs to be uploaded so that it can
+be installed in the archives. For security uploads, the place to
+upload to is
 <tt>ftp://security.debian.org/pub/SecurityUploadQueue/</tt> .
 
 <p>
-Once an upload to the security queue has been accepted the package
+Once an upload to the security queue has been accepted, the package
 will automatically be rebuilt for all architectures and stored for
 verification by the security team.
 
 <p>
-Uploads waiting for acceptance or verification are only accessible by
-the security team. This is necessary since there might be fixes for
-security problems that can not be disclosed yet.
+Uploads which are waiting for acceptance or verification are only
+accessible by the security team. This is necessary since there might
+be fixes for security problems that cannot be disclosed yet.
 
 <p>
-If a member of the security team accepts a package it will be
+If a member of the security team accepts a package, it will be
 installed on security.debian.org as well as the proper
 <em>distribution</em>-proposed-updates on ftp-master or in the non-US
 archive.
@@ -2962,6 +2975,13 @@ full example.
 	/etc/modutils/ for module configuration.
 -->
 
+	<sect1 id="bpp-autotools">Packages using autoconf/automake
+	<p>
+Some very good packaging practices for packages using autoconf and/or
+automake have been synthetized in &file-bpp-autotools;. You're strongly
+encouraged to read this file and to follow the given recommandations.
+
+
 	<sect1 id="bpp-libraries">Libraries
 	<p>
 Libraries are always difficult to package for various reasons. The policy
@@ -3054,7 +3074,8 @@ that description, you should be careful to avoid English
 mistakes. Ensure that you spell check it.
 <prgn>ispell</prgn> has a special option (<tt>-g</tt>) for that:
 <example>ispell -d american -g debian/control</example>.
-
+If you want someone to proofread the description that you
+intend to use you may ask on &email-debian-l10n-english;.