X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=pkgs.dbk;h=5a34b950251cfa603fddece657ba553e4f4e8561;hb=refs%2Fheads%2Fmaster;hp=03a6919e5bbbe3305c540100a252aec66f86ebb3;hpb=f9fbe52cef0055dc018fbc1d16f118e4283b7756;p=developers-reference.git

diff --git a/pkgs.dbk b/pkgs.dbk
index 03a6919..5a34b95 100644
--- a/pkgs.dbk
+++ b/pkgs.dbk
@@ -23,8 +23,9 @@ pages</ulink> for more information.
 Assuming no one else is already working on your prospective package, you must
 then submit a bug report (<xref linkend="submit-bug"/>) against the
 pseudo-package <systemitem role="package">wnpp</systemitem> describing your
-plan to create a new package, including, but not limiting yourself to, a
-description of the package, the license of the prospective package, and the
+plan to create a new package, including, but not limiting yourself to, the
+description of the package (so that others can review it),
+the license of the prospective package, and the
 current URL where it can be downloaded from.
 </para>
 <para>
@@ -100,7 +101,7 @@ of what is going on, and what is new, in the project.
 </listitem>
 </itemizedlist>
 <para>
-Please see <ulink url="http://&ftp-master-host;/REJECT-FAQ.html"></ulink>
+Please see <ulink url="https://&ftp-master-host;/REJECT-FAQ.html"></ulink>
 for common rejection reasons for a new package.
 </para>
 </section>
@@ -290,9 +291,9 @@ There are several possible values for this field: <literal>stable</literal>,
 <literal>unstable</literal>.
 </para>
 <para>
-Actually, there are two other possible distributions: <literal>stable-security</literal>
-and <literal>testing-security</literal>, but read
-<xref linkend="bug-security"/> for more information on those.
+Actually, there are other possible distributions:
+<replaceable>codename</replaceable><literal>-security</literal>,
+but read <xref linkend="bug-security"/> for more information on those.
 </para>
 <para>
 It is not possible to upload a package into several distributions at the same
@@ -424,7 +425,7 @@ you might want to give the maintainer a few days to react.
 
 <para>
 An upload to the delayed directory keeps the package in
-<ulink url="http://ftp-master.debian.org/deferred.html">the deferred uploads queue</ulink>.
+<ulink url="https://ftp-master.debian.org/deferred.html">the deferred uploads queue</ulink>.
 When the specified waiting time is over, the package is moved into
 the regular incoming directory for processing.
 This is done through automatic uploading to
@@ -443,8 +444,8 @@ parameter to put the package into one of the queues.
 <title>Security uploads</title>
 <para>
 Do <emphasis role="strong">NOT</emphasis> upload a package to the security
-upload queue (<literal>oldstable-security</literal>, <literal>stable-security</literal>,
-etc.) without prior authorization from the security team.  If the
+upload queue (on <literal>security-master.debian.org</literal>)
+without prior authorization from the security team.  If the
 package does not exactly meet the team's requirements, it will cause many
 problems and delays in dealing with the unwanted upload.  For details, please
 see <xref linkend="bug-security"/>.
@@ -573,7 +574,7 @@ If you want to be a good maintainer, you should periodically check the <ulink
 url="&url-bts;">Debian bug tracking system (BTS)</ulink> for
 your packages.  The BTS contains all the open bugs against your packages.  You
 can check them by browsing this page:
-<literal>http://&bugs-host;/<replaceable>yourlogin</replaceable>@debian.org</literal>.
+<literal>https://&bugs-host;/<replaceable>yourlogin</replaceable>@debian.org</literal>.
 </para>
 <para>
 Maintainers interact with the BTS via email addresses at
@@ -843,10 +844,9 @@ fixing them themselves, sending security advisories, and maintaining
 <para>
 When you become aware of a security-related bug in a Debian package, whether or
 not you are the maintainer, collect pertinent information about the problem,
-and promptly contact the security team, preferably by filing a ticket in
-their Request Tracker.
-See <ulink url="http://wiki.debian.org/rt.debian.org#Security_Team"></ulink>.
-Alternatively you may email &email-security-team;.
+and promptly contact the security team by emailing &email-security-team;. If
+desired, email can be encrypted with the Debian Security Contact key, see
+<ulink url="https://www.debian.org/security/faq#contact"/> for details.
 <emphasis role="strong">DO NOT UPLOAD</emphasis> any packages for
 <literal>stable</literal> without contacting the team.  Useful information
 includes, for example:
@@ -898,7 +898,7 @@ below on how to prepare packages for the Security Team to handle.</para>
 <title>The Security Tracker</title>
 <para>
 The security team maintains a central database, the
-<ulink url="http://security-tracker.debian.org/">Debian Security Tracker</ulink>.
+<ulink url="https://security-tracker.debian.org/">Debian Security Tracker</ulink>.
 This contains all public information that is known about security issues:
 which packages and versions are affected or fixed, and thus whether stable,
 testing and/or unstable are vulnerable. Information that is still confidential
@@ -983,7 +983,7 @@ has become public.
 </para>
 <para>
 The Security Team has a PGP-key to enable encrypted communication about
-sensitive issues. See the <ulink url="http://www.debian.org/security/faq#contact">Security Team FAQ</ulink> for details.
+sensitive issues. See the <ulink url="https://www.debian.org/security/faq#contact">Security Team FAQ</ulink> for details.
 </para>
 </section>
 
@@ -1055,7 +1055,7 @@ security archive)
 <listitem>
 <para>
 References to upstream advisories, <ulink
-url="http://cve.mitre.org">CVE</ulink> identifiers, and any other information
+url="https://cve.mitre.org">CVE</ulink> identifiers, and any other information
 useful in cross-referencing the vulnerability
 </para>
 </listitem>
@@ -1122,11 +1122,10 @@ Be sure to verify the following items:
 <listitem>
 <para>
 <emphasis role="strong">Target the right distribution</emphasis>
-in your <filename>debian/changelog</filename>.
-For <literal>stable</literal> this is <literal>stable-security</literal> and
-for <literal>testing</literal> this is <literal>testing-security</literal>, and for the previous
-stable release, this is <literal>oldstable-security</literal>.  Do not target
-<replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
+in your <filename>debian/changelog</filename>:
+<replaceable>codename</replaceable><literal>-security</literal>
+(e.g. <literal>wheezy-security</literal>).
+Do not target <replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
 <literal>stable</literal>!
 </para>
 </listitem>
@@ -1154,8 +1153,9 @@ later distributions.  If in doubt, test it with <literal>dpkg
 --compare-versions</literal>.  Be careful not to re-use a version number that
 you have already used for a previous upload, or one that conflicts with a
 binNMU. The convention is to append
-<literal>+</literal><replaceable>codename</replaceable><literal>1</literal>, e.g.
-<literal>1:2.4.3-4+lenny1</literal>, of course increasing 1 for any subsequent
+<literal>+deb</literal><replaceable>X</replaceable><literal>u1</literal> (where
+<replaceable>X</replaceable> is the major release number), e.g.
+<literal>1:2.4.3-4+deb7u1</literal>, of course increasing 1 for any subsequent
 uploads.
 </para>
 </listitem>
@@ -1194,8 +1194,8 @@ have such a system yourself, you can use a debian.org machine (see
 <title>Uploading the fixed package</title>
 <para>
 Do <emphasis role="strong">NOT</emphasis> upload a package to the security
-upload queue (<literal>oldstable-security</literal>, <literal>stable-security</literal>,
-etc.) without prior authorization from the security team.  If the
+upload queue (on <literal>security-master.debian.org</literal>)
+without prior authorization from the security team.  If the
 package does not exactly meet the team's requirements, it will cause many
 problems and delays in dealing with the unwanted upload.
 </para>
@@ -1297,7 +1297,7 @@ to these rules when you use it to report a bug against the
 If you want to remove a package you maintain, you should note this in
 the bug title by prepending <literal>ROM</literal> (Request Of Maintainer).
 There are several other standard acronyms used in the reasoning for a package
-removal, see <ulink url="http://&ftp-master-host;/removals.html"></ulink>
+removal, see <ulink url="https://&ftp-master-host;/removals.html"></ulink>
 for a complete list. That page also provides a convenient overview of
 pending removal requests.
 </para>
@@ -1341,7 +1341,7 @@ removal request.
 </para>
 <para>
 Further information relating to these and other package removal related topics
-may be found at <ulink url="http://wiki.debian.org/ftpmaster_Removals"></ulink>
+may be found at <ulink url="https://wiki.debian.org/ftpmaster_Removals"></ulink>
 and <ulink url="&url-debian-qa;howto-remove.html"></ulink>.
 </para>
 <para>
@@ -1498,7 +1498,7 @@ doing some historical research first.
 You should check why the package was removed in the first place. This
 information can be found in the removal item in the news section of the PTS
 page for the package or by browsing the log of
-<ulink url="http://&ftp-master-host;/#removed">removals</ulink>.
+<ulink url="https://&ftp-master-host;/#removed">removals</ulink>.
 The removal bug will tell you why the package was removed and will give some
 indication of what you will need to work on in order to reintroduce the package.
 It may indicate that the best way forward is to switch to some other piece of
@@ -1976,8 +1976,20 @@ Before doing an NMU, consider the following questions:
 <itemizedlist>
 <listitem>
 <para>
-Does your NMU really fix bugs? Fixing cosmetic issues or changing the
-packaging style in NMUs is discouraged.
+Have you geared the NMU towards helping the maintainer? As there might
+be disagreement on the notion of whether the maintainer actually needs
+help on not, the DELAYED queue exists to give time to the maintainer to
+react and has the beneficial side-effect of allowing for independent
+reviews of the NMU diff.
+</para>
+</listitem>
+<listitem>
+<para>
+Does your NMU really fix bugs? ("Bugs" means any kind of bugs, e.g.
+wishlist bugs for packaging a new upstream version, but care should be
+taken to minimize the impact to the maintainer.) Fixing cosmetic issues
+or changing the packaging style (e.g. switching from cdbs to dh) in NMUs
+is discouraged.
 </para>
 </listitem>
 <listitem>
@@ -2060,7 +2072,7 @@ Other NMUs: 10 days
 
 <para>
 Those delays are only examples. In some cases, such as uploads fixing security
-issues, or fixes for trivial bugs that blocking a transition, it is desirable
+issues, or fixes for trivial bugs that block a transition, it is desirable
 that the fixed package reaches <literal>unstable</literal> sooner.
 </para>
 
@@ -2489,7 +2501,7 @@ scripts.  See below for details.
 </para>
 <para>
 Some further dependency analysis is shown on <ulink
-url="http://release.debian.org/migration/"></ulink> â but be warned, this page also
+url="https://release.debian.org/migration/"></ulink> â but be warned, this page also
 shows build dependencies which are not considered by britney.
 </para>
 <section id="outdated">
@@ -2687,13 +2699,13 @@ before or after this main run, depending on the exact type.
 </para>
 <para>
 If you want to see more details, you can look it up on <ulink
-url="http://&ftp-master-host;/testing/update_output/"></ulink>.
+url="https://&ftp-master-host;/testing/update_output/"></ulink>.
 </para>
 <para>
 The hints are available via <ulink
-url="http://&ftp-master-host;/testing/hints/"></ulink>, where you can find
+url="https://&ftp-master-host;/testing/hints/"></ulink>, where you can find
 the
-<ulink url="http://&ftp-master-host;/testing/hints/README">description</ulink>
+<ulink url="https://&ftp-master-host;/testing/hints/README">description</ulink>
 as well.  With the hints, the Debian Release team can block or unblock
 packages, ease or force packages into <literal>testing</literal>, remove
 packages from <literal>testing</literal>, approve uploads to
