1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
8 "Project-Id-Version: PACKAGE VERSION\n"
9 "POT-Creation-Date: 2007-06-26 16:13+0000\n"
10 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
11 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
12 "Language-Team: LANGUAGE <LL@li.org>\n"
14 "Content-Type: text/plain; charset=utf-8\n"
15 "Content-Transfer-Encoding: ENCODING"
17 # type: Content of: <chapter><title>
19 msgid "Managing Packages"
22 # type: Content of: <chapter><para>
25 "This chapter contains information related to creating, uploading, "
26 "maintaining, and porting packages."
29 # type: Content of: <chapter><section><title>
34 # type: Content of: <chapter><section><para>
37 "If you want to create a new package for the Debian distribution, you should "
38 "first check the <ulink "
39 "url=\"http://www.debian.org/devel/wnpp/\">Work-Needing and Prospective "
40 "Packages (WNPP)</ulink> list. Checking the WNPP list ensures that no one is "
41 "already working on packaging that software, and that effort is not "
42 "duplicated. Read the <ulink url=\"http://www.debian.org/devel/wnpp/\">WNPP "
43 "web pages</ulink> for more information."
46 # type: Content of: <chapter><section><para>
49 "Assuming no one else is already working on your prospective package, you "
50 "must then submit a bug report (<xref linkend=\"submit-bug\"/> ) against the "
51 "pseudo-package <systemitem role=\"package\">wnpp</systemitem> describing "
52 "your plan to create a new package, including, but not limiting yourself to, "
53 "a description of the package, the license of the prospective package, and "
54 "the current URL where it can be downloaded from."
57 # type: Content of: <chapter><section><para>
60 "You should set the subject of the bug to ``ITP: "
61 "<replaceable>foo</replaceable> -- <replaceable>short "
62 "description</replaceable>'', substituting the name of the new package for "
63 "<replaceable>foo</replaceable>. The severity of the bug report must be set "
64 "to <emphasis>wishlist</emphasis>. If you feel it's necessary, send a copy "
65 "to <email>debian-devel@lists.debian.org</email> by putting the address in "
66 "the <literal>X-Debbugs-CC:</literal> header of the message (no, don't use "
67 "<literal>CC:</literal>, because that way the message's subject won't "
68 "indicate the bug number)."
71 # type: Content of: <chapter><section><para>
74 "Please include a <literal>Closes: "
75 "bug#<replaceable>nnnnn</replaceable></literal> entry in the changelog of the "
76 "new package in order for the bug report to be automatically closed once the "
77 "new package is installed in the archive (see <xref "
78 "linkend=\"upload-bugfix\"/> )."
81 # type: Content of: <chapter><section><para>
84 "When closing security bugs include CVE numbers as well as the Closes: "
85 "#nnnnn. This is useful for the security team to track vulnerabilities. If "
86 "an upload is made to fix the bug before the advisory ID is known, it is "
87 "encouraged to modify the historical changelog entry with the next upload. "
88 "Even in this case, please include all available pointers to background "
89 "information in the original changelog entry."
92 # type: Content of: <chapter><section><para>
95 "There are a number of reasons why we ask maintainers to announce their "
99 # type: Content of: <chapter><section><itemizedlist><listitem><para>
102 "It helps the (potentially new) maintainer to tap into the experience of "
103 "people on the list, and lets them know if anyone else is working on it "
107 # type: Content of: <chapter><section><itemizedlist><listitem><para>
110 "It lets other people thinking about working on the package know that there "
111 "already is a volunteer, so efforts may be shared."
114 # type: Content of: <chapter><section><itemizedlist><listitem><para>
117 "It lets the rest of the maintainers know more about the package than the one "
118 "line description and the usual changelog entry ``Initial release'' that gets "
119 "posted to <literal>debian-devel-changes</literal>."
122 # type: Content of: <chapter><section><itemizedlist><listitem><para>
125 "It is helpful to the people who live off unstable (and form our first line "
126 "of testers). We should encourage these people."
129 # type: Content of: <chapter><section><itemizedlist><listitem><para>
132 "The announcements give maintainers and other interested parties a better "
133 "feel of what is going on, and what is new, in the project."
136 # type: Content of: <chapter><section><para>
140 "url=\"http://ftp-master.debian.org/REJECT-FAQ.html\"></ulink> for common "
141 "rejection reasons for a new package."
144 # type: Content of: <chapter><section><title>
146 msgid "Recording changes in the package"
149 # type: Content of: <chapter><section><para>
152 "Changes that you make to the package need to be recorded in the "
153 "<filename>debian/changelog</filename>. These changes should provide a "
154 "concise description of what was changed, why (if it's in doubt), and note if "
155 "any bugs were closed. They also record when the package was completed. "
156 "This file will be installed in "
157 "<filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.Debian.gz</filename>, "
159 "<filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.gz</filename> "
160 "for native packages."
163 # type: Content of: <chapter><section><para>
166 "The <filename>debian/changelog</filename> file conforms to a certain "
167 "structure, with a number of different fields. One field of note, the "
168 "<emphasis>distribution</emphasis>, is described in <xref "
169 "linkend=\"distribution\"/> . More information about the structure of this "
170 "file can be found in the Debian Policy section titled "
171 "<filename>debian/changelog</filename>."
174 # type: Content of: <chapter><section><para>
177 "Changelog entries can be used to automatically close Debian bugs when the "
178 "package is installed into the archive. See <xref "
179 "linkend=\"upload-bugfix\"/> ."
182 # type: Content of: <chapter><section><para>
185 "It is conventional that the changelog entry of a package that contains a new "
186 "upstream version of the software looks like this:"
189 # type: Content of: <chapter><section><screen>
192 msgid "* new upstream version"
195 # type: Content of: <chapter><section><para>
198 "There are tools to help you create entries and finalize the "
199 "<filename>changelog</filename> for release — see <xref "
200 "linkend=\"devscripts\"/> and <xref linkend=\"dpkg-dev-el\"/> ."
203 # type: Content of: <chapter><section><para>
205 msgid "See also <xref linkend=\"bpp-debian-changelog\"/> ."
208 # type: Content of: <chapter><section><title>
210 msgid "Testing the package"
213 # type: Content of: <chapter><section><para>
216 "Before you upload your package, you should do basic testing on it. At a "
217 "minimum, you should try the following activities (you'll need to have an "
218 "older version of the same Debian package around):"
221 # type: Content of: <chapter><section><itemizedlist><listitem><para>
224 "Install the package and make sure the software works, or upgrade the package "
225 "from an older version to your new version if a Debian package for it already "
229 # type: Content of: <chapter><section><itemizedlist><listitem><para>
232 "Run <command>lintian</command> over the package. You can run "
233 "<command>lintian</command> as follows: <literal>lintian -v "
234 "<replaceable>package-version</replaceable>.changes</literal>. This will "
235 "check the source package as well as the binary package. If you don't "
236 "understand the output that <command>lintian</command> generates, try adding "
237 "the <literal>-i</literal> switch, which will cause "
238 "<command>lintian</command> to output a very verbose description of the "
242 # type: Content of: <chapter><section><itemizedlist><listitem><para>
245 "Normally, a package should <emphasis>not</emphasis> be uploaded if it causes "
246 "lintian to emit errors (they will start with <literal>E</literal>)."
249 # type: Content of: <chapter><section><itemizedlist><listitem><para>
252 "For more information on <command>lintian</command>, see <xref "
253 "linkend=\"lintian\"/> ."
256 # type: Content of: <chapter><section><itemizedlist><listitem><para>
259 "Optionally run <xref linkend=\"debdiff\"/> to analyze changes from an older "
260 "version, if one exists."
263 # type: Content of: <chapter><section><itemizedlist><listitem><para>
266 "Downgrade the package to the previous version (if one exists) — this tests "
267 "the <filename>postrm</filename> and <filename>prerm</filename> scripts."
270 # type: Content of: <chapter><section><itemizedlist><listitem><para>
272 msgid "Remove the package, then reinstall it."
275 # type: Content of: <chapter><section><itemizedlist><listitem><para>
278 "Copy the source package in a different directory and try unpacking it and "
279 "rebuilding it. This tests if the package relies on existing files outside "
280 "of it, or if it relies on permissions being preserved on the files shipped "
281 "inside the .diff.gz file."
284 # type: Content of: <chapter><section><title>
286 msgid "Layout of the source package"
289 # type: Content of: <chapter><section><para>
291 msgid "There are two types of Debian source packages:"
294 # type: Content of: <chapter><section><itemizedlist><listitem><para>
297 "the so-called <emphasis>native</emphasis> packages, where there is no "
298 "distinction between the original sources and the patches applied for Debian"
301 # type: Content of: <chapter><section><itemizedlist><listitem><para>
304 "the (more common) packages where there's an original source tarball file "
305 "accompanied by another file that contains the patches applied for Debian"
308 # type: Content of: <chapter><section><para>
311 "For the native packages, the source package includes a Debian source control "
312 "file (<literal>.dsc</literal>) and the source tarball "
313 "(<literal>.tar.gz</literal>). A source package of a non-native package "
314 "includes a Debian source control file, the original source tarball "
315 "(<literal>.orig.tar.gz</literal>) and the Debian patches "
316 "(<literal>.diff.gz</literal>)."
319 # type: Content of: <chapter><section><para>
322 "Whether a package is native or not is determined when it is built by "
323 "<citerefentry> <refentrytitle>dpkg-buildpackage</refentrytitle> "
324 "<manvolnum>1</manvolnum> </citerefentry>. The rest of this section relates "
325 "only to non-native packages."
328 # type: Content of: <chapter><section><para>
331 "The first time a version is uploaded which corresponds to a particular "
332 "upstream version, the original source tar file should be uploaded and "
333 "included in the <filename>.changes</filename> file. Subsequently, this very "
334 "same tar file should be used to build the new diffs and "
335 "<filename>.dsc</filename> files, and will not need to be re-uploaded."
338 # type: Content of: <chapter><section><para>
341 "By default, <command>dpkg-genchanges</command> and "
342 "<command>dpkg-buildpackage</command> will include the original source tar "
343 "file if and only if the Debian revision part of the source version number is "
344 "0 or 1, indicating a new upstream version. This behavior may be modified by "
345 "using <literal>-sa</literal> to always include it or <literal>-sd</literal> "
346 "to always leave it out."
349 # type: Content of: <chapter><section><para>
352 "If no original source is included in the upload, the original source "
353 "tar-file used by <command>dpkg-source</command> when constructing the "
354 "<filename>.dsc</filename> file and diff to be uploaded "
355 "<emphasis>must</emphasis> be byte-for-byte identical with the one already in "
359 # type: Content of: <chapter><section><para>
362 "Please notice that, in non-native packages, permissions on files that are "
363 "not present in the .orig.tar.gz will not be preserved, as diff does not "
364 "store file permissions in the patch."
367 # type: Content of: <chapter><section><title>
369 msgid "Picking a distribution"
372 # type: Content of: <chapter><section><para>
375 "Each upload needs to specify which distribution the package is intended "
376 "for. The package build process extracts this information from the first "
377 "line of the <filename>debian/changelog</filename> file and places it in the "
378 "<literal>Distribution</literal> field of the <literal>.changes</literal> "
382 # type: Content of: <chapter><section><para>
385 "There are several possible values for this field: `stable', `unstable', "
386 "`testing-proposed-updates' and `experimental'. Normally, packages are "
387 "uploaded into <emphasis>unstable</emphasis>."
390 # type: Content of: <chapter><section><para>
393 "Actually, there are two other possible distributions: `stable-security' and "
394 "`testing-security', but read <xref linkend=\"bug-security\"/> for more "
395 "information on those."
398 # type: Content of: <chapter><section><para>
401 "It is not possible to upload a package into several distributions at the "
405 # type: Content of: <chapter><section><section><title>
407 msgid "Special case: uploads to the <emphasis>stable</emphasis> distribution"
410 # type: Content of: <chapter><section><section><para>
413 "Uploading to <emphasis>stable</emphasis> means that the package will "
414 "transfered to the <emphasis>p-u-new</emphasis>-queue for review by the "
415 "stable release managers, and if approved will be installed in "
416 "<filename>stable-proposed-updates</filename> directory of the Debian "
417 "archive. From there, it will be included in <emphasis>stable</emphasis> "
418 "with the next point release."
421 # type: Content of: <chapter><section><section><para>
424 "Extra care should be taken when uploading to <emphasis>stable</emphasis>. "
425 "Basically, a package should only be uploaded to stable if one of the "
429 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
431 msgid "a truly critical functionality problem"
434 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
436 msgid "the package becomes uninstallable"
439 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
441 msgid "a released architecture lacks the package"
444 # type: Content of: <chapter><section><section><para>
447 "In the past, uploads to <emphasis>stable</emphasis> were used to address "
448 "security problems as well. However, this practice is deprecated, as uploads "
449 "used for Debian security advisories are automatically copied to the "
450 "appropriate <filename>proposed-updates</filename> archive when the advisory "
451 "is released. See <xref linkend=\"bug-security\"/> for detailed information "
452 "on handling security problems."
455 # type: Content of: <chapter><section><section><para>
458 "Changing anything else in the package that isn't important is discouraged, "
459 "because even trivial fixes can cause bugs later on."
462 # type: Content of: <chapter><section><section><para>
465 "Packages uploaded to <emphasis>stable</emphasis> need to be compiled on "
466 "systems running <emphasis>stable</emphasis>, so that their dependencies are "
467 "limited to the libraries (and other packages) available in "
468 "<emphasis>stable</emphasis>; for example, a package uploaded to "
469 "<emphasis>stable</emphasis> that depends on a library package that only "
470 "exists in unstable will be rejected. Making changes to dependencies of "
471 "other packages (by messing with <literal>Provides</literal> or shlibs "
472 "files), possibly making those other packages uninstallable, is strongly "
476 # type: Content of: <chapter><section><section><para>
479 "The Release Team (which can be reached at "
480 "<email>debian-release@lists.debian.org</email>) will regularly evaluate the "
481 "uploads To <emphasis>stable-proposed-updates</emphasis> and decide if your "
482 "package can be included in <emphasis>stable</emphasis>. Please be clear "
483 "(and verbose, if necessary) in your changelog entries for uploads to "
484 "<emphasis>stable</emphasis>, because otherwise the package won't be "
485 "considered for inclusion."
488 # type: Content of: <chapter><section><section><para>
491 "It's best practice to speak with the stable release manager "
492 "<emphasis>before</emphasis> uploading to "
493 "<emphasis>stable</emphasis>/<emphasis>stable-proposed-updates</emphasis>, so "
494 "that the uploaded package fits the needs of the next point release."
497 # type: Content of: <chapter><section><section><title>
500 "Special case: uploads to "
501 "<emphasis>testing/testing-proposed-updates</emphasis>"
504 # type: Content of: <chapter><section><section><para>
507 "Please see the information in the <link linkend=\"t-p-u\">testing "
508 "section</link> for details."
511 # type: Content of: <chapter><section><title>
513 msgid "Uploading a package"
516 # type: Content of: <chapter><section><section><title>
518 msgid "Uploading to <literal>ftp-master</literal>"
521 # type: Content of: <chapter><section><section><para>
524 "To upload a package, you should upload the files (including the signed "
525 "changes and dsc-file) with anonymous ftp to "
526 "<literal>ftp-master.debian.org</literal> in the directory <ulink "
527 "url=\"ftp://ftp-master.debian.org/pub/UploadQueue/\">/pub/UploadQueue/</ulink>. "
528 "To get the files processed there, they need to be signed with a key in the "
532 # type: Content of: <chapter><section><section><para>
535 "Please note that you should transfer the changes file last. Otherwise, your "
536 "upload may be rejected because the archive maintenance software will parse "
537 "the changes file and see that not all files have been uploaded."
540 # type: Content of: <chapter><section><section><para>
543 "You may also find the Debian packages <xref linkend=\"dupload\"/> or <xref "
544 "linkend=\"dput\"/> useful when uploading packages. These handy programs "
545 "help automate the process of uploading packages into Debian."
548 # type: Content of: <chapter><section><section><para>
551 "For removing packages, please see the README file in that ftp directory, and "
552 "the Debian package <xref linkend=\"dcut\"/> ."
555 # type: Content of: <chapter><section><section><title>
557 msgid "Uploading to <literal>non-US</literal>"
560 # type: Content of: <chapter><section><section><para>
563 "<emphasis>Note:</emphasis> non-us was discontinued with the release of "
567 # type: Content of: <chapter><section><section><title>
569 msgid "Delayed uploads"
572 # type: Content of: <chapter><section><section><para>
575 "Delayed uploads are done for the moment via the delayed queue at gluck. The "
576 "upload-directory is "
577 "<literal>gluck:~tfheen/DELAYED/[012345678]-day</literal>. 0-day is uploaded "
578 "multiple times per day to ftp-master."
581 # type: Content of: <chapter><section><section><para>
583 msgid "With a fairly recent dput, this section"
586 # type: Content of: <chapter><section><section><screen>
592 "fqdn = gluck.debian.org\n"
596 # type: Content of: <chapter><section><section><para>
598 msgid "in ~/.dput.cf should work fine for uploading to the DELAYED queue."
601 # type: Content of: <chapter><section><section><para>
604 "<emphasis>Note:</emphasis> Since this upload queue goes to "
605 "<literal>ftp-master</literal>, the prescription found in <xref "
606 "linkend=\"upload-ftp-master\"/> applies here as well."
609 # type: Content of: <chapter><section><section><title>
611 msgid "Security uploads"
614 # type: Content of: <chapter><section><section><para>
617 "Do <emphasis role=\"strong\">NOT</emphasis> upload a package to the security "
618 "upload queue (oldstable-security, stable-security, etc.) without prior "
619 "authorization from the security team. If the package does not exactly meet "
620 "the team's requirements, it will cause many problems and delays in dealing "
621 "with the unwanted upload. For details, please see section <xref "
622 "linkend=\"bug-security\"/> ."
625 # type: Content of: <chapter><section><section><title>
627 msgid "Other upload queues"
630 # type: Content of: <chapter><section><section><para>
633 "The scp queues on ftp-master, and security are mostly unusable due to the "
634 "login restrictions on those hosts."
637 # type: Content of: <chapter><section><section><para>
640 "The anonymous queues on ftp.uni-erlangen.de and ftp.uk.debian.org are "
641 "currently down. Work is underway to resurrect them."
644 # type: Content of: <chapter><section><section><para>
647 "The queues on master.debian.org, samosa.debian.org, master.debian.or.jp, and "
648 "ftp.chiark.greenend.org.uk are down permanently, and will not be "
649 "resurrected. The queue in Japan will be replaced with a new queue on "
650 "hp.debian.or.jp some day."
653 # type: Content of: <chapter><section><section><para>
656 "For the time being, the anonymous ftp queue on auric.debian.org (the former "
657 "ftp-master) works, but it is deprecated and will be removed at some point in "
661 # type: Content of: <chapter><section><section><title>
663 msgid "Notification that a new package has been installed"
666 # type: Content of: <chapter><section><section><para>
669 "The Debian archive maintainers are responsible for handling package "
670 "uploads. For the most part, uploads are automatically handled on a daily "
671 "basis by the archive maintenance tools, <command>katie</command>. "
672 "Specifically, updates to existing packages to the `unstable' distribution "
673 "are handled automatically. In other cases, notably new packages, placing "
674 "the uploaded package into the distribution is handled manually. When "
675 "uploads are handled manually, the change to the archive may take up to a "
676 "month to occur. Please be patient."
679 # type: Content of: <chapter><section><section><para>
682 "In any case, you will receive an email notification indicating that the "
683 "package has been added to the archive, which also indicates which bugs will "
684 "be closed by the upload. Please examine this notification carefully, "
685 "checking if any bugs you meant to close didn't get triggered."
688 # type: Content of: <chapter><section><section><para>
691 "The installation notification also includes information on what section the "
692 "package was inserted into. If there is a disparity, you will receive a "
693 "separate email notifying you of that. Read on below."
696 # type: Content of: <chapter><section><section><para>
699 "Note that if you upload via queues, the queue daemon software will also send "
700 "you a notification by email."
703 # type: Content of: <chapter><section><title>
705 msgid "Specifying the package section, subsection and priority"
708 # type: Content of: <chapter><section><para>
711 "The <filename>debian/control</filename> file's <literal>Section</literal> "
712 "and <literal>Priority</literal> fields do not actually specify where the "
713 "file will be placed in the archive, nor its priority. In order to retain "
714 "the overall integrity of the archive, it is the archive maintainers who have "
715 "control over these fields. The values in the "
716 "<filename>debian/control</filename> file are actually just hints."
719 # type: Content of: <chapter><section><para>
722 "The archive maintainers keep track of the canonical sections and priorities "
723 "for packages in the <emphasis>override file</emphasis>. If there is a "
724 "disparity between the <emphasis>override file</emphasis> and the package's "
725 "fields as indicated in <filename>debian/control</filename>, then you will "
726 "receive an email noting the divergence when the package is installed into "
727 "the archive. You can either correct your "
728 "<filename>debian/control</filename> file for your next upload, or else you "
729 "may wish to make a change in the <emphasis>override file</emphasis>."
732 # type: Content of: <chapter><section><para>
735 "To alter the actual section that a package is put in, you need to first make "
736 "sure that the <filename>debian/control</filename> file in your package is "
737 "accurate. Next, send an email <email>override-change@debian.org</email> or "
738 "submit a bug against <systemitem "
739 "role=\"package\">ftp.debian.org</systemitem> requesting that the section or "
740 "priority for your package be changed from the old section or priority to the "
741 "new one. Be sure to explain your reasoning."
744 # type: Content of: <chapter><section><para>
747 "For more information about <emphasis>override files</emphasis>, see "
748 "<citerefentry> <refentrytitle>dpkg-scanpackages</refentrytitle> "
749 "<manvolnum>1</manvolnum> </citerefentry> and <ulink "
750 "url=\"http://www.debian.org/Bugs/Developer#maintincorrect\"></ulink>."
753 # type: Content of: <chapter><section><para>
756 "Note that the <literal>Section</literal> field describes both the section as "
757 "well as the subsection, which are described in <xref "
758 "linkend=\"archive-sections\"/> . If the section is main, it should be "
759 "omitted. The list of allowable subsections can be found in <ulink "
760 "url=\"http://www.debian.org/doc/debian-policy/ch-archive.html#s-subsections\"></ulink>."
763 # type: Content of: <chapter><section><title>
765 msgid "Handling bugs"
768 # type: Content of: <chapter><section><para>
771 "Every developer has to be able to work with the Debian <ulink "
772 "url=\"http://www.debian.org/Bugs/\">bug tracking system</ulink>. This "
773 "includes knowing how to file bug reports properly (see <xref "
774 "linkend=\"submit-bug\"/> ), how to update them and reorder them, and how to "
775 "process and close them."
778 # type: Content of: <chapter><section><para>
781 "The bug tracking system's features are described in the <ulink "
782 "url=\"http://www.debian.org/Bugs/Developer\">BTS documentation for "
783 "developers</ulink>. This includes closing bugs, sending followup messages, "
784 "assigning severities and tags, marking bugs as forwarded, and other issues."
787 # type: Content of: <chapter><section><para>
790 "Operations such as reassigning bugs to other packages, merging separate bug "
791 "reports about the same issue, or reopening bugs when they are prematurely "
792 "closed, are handled using the so-called control mail server. All of the "
793 "commands available on this server are described in the <ulink "
794 "url=\"http://www.debian.org/Bugs/server-control\">BTS control server "
795 "documentation</ulink>."
798 # type: Content of: <chapter><section><section><title>
800 msgid "Monitoring bugs"
803 # type: Content of: <chapter><section><section><para>
806 "If you want to be a good maintainer, you should periodically check the "
807 "<ulink url=\"http://www.debian.org/Bugs/\">Debian bug tracking system "
808 "(BTS)</ulink> for your packages. The BTS contains all the open bugs against "
809 "your packages. You can check them by browsing this page: "
810 "<literal>http://bugs.debian.org/<replaceable>yourlogin</replaceable>@debian.org</literal>."
813 # type: Content of: <chapter><section><section><para>
816 "Maintainers interact with the BTS via email addresses at "
817 "<literal>bugs.debian.org</literal>. Documentation on available commands can "
818 "be found at <ulink url=\"http://www.debian.org/Bugs/\"></ulink>, or, if you "
819 "have installed the <systemitem role=\"package\">doc-debian</systemitem> "
820 "package, you can look at the local files "
821 "<filename>/usr/share/doc/debian/bug-*</filename>."
824 # type: Content of: <chapter><section><section><para>
827 "Some find it useful to get periodic reports on open bugs. You can add a "
828 "cron job such as the following if you want to get a weekly email outlining "
829 "all the open bugs against your packages:"
832 # type: Content of: <chapter><section><section><screen>
836 "# ask for weekly reports of bugs in my packages\n"
837 "0 17 * * fri echo index maint <replaceable>address</replaceable> | mail "
838 "request@bugs.debian.org"
841 # type: Content of: <chapter><section><section><para>
844 "Replace <replaceable>address</replaceable> with your official Debian "
845 "maintainer address."
848 # type: Content of: <chapter><section><section><title>
850 msgid "Responding to bugs"
853 # type: Content of: <chapter><section><section><para>
856 "When responding to bugs, make sure that any discussion you have about bugs "
857 "is sent both to the original submitter of the bug, and to the bug itself "
858 "(e.g., <email>123@bugs.debian.org</email>). If you're writing a new mail "
859 "and you don't remember the submitter email address, you can use the "
860 "<email>123-submitter@bugs.debian.org</email> email to contact the submitter "
861 "<emphasis>and</emphasis> to record your mail within the bug log (that means "
862 "you don't need to send a copy of the mail to "
863 "<email>123@bugs.debian.org</email>)."
866 # type: Content of: <chapter><section><section><para>
869 "If you get a bug which mentions FTBFS, this means Fails to build from "
870 "source. Porters frequently use this acronym."
873 # type: Content of: <chapter><section><section><para>
876 "Once you've dealt with a bug report (e.g. fixed it), mark it as "
877 "<emphasis>done</emphasis> (close it) by sending an explanation message to "
878 "<email>123-done@bugs.debian.org</email>. If you're fixing a bug by changing "
879 "and uploading the package, you can automate bug closing as described in "
880 "<xref linkend=\"upload-bugfix\"/> ."
883 # type: Content of: <chapter><section><section><para>
886 "You should <emphasis>never</emphasis> close bugs via the bug server "
887 "<literal>close</literal> command sent to "
888 "<email>control@bugs.debian.org</email>. If you do so, the original "
889 "submitter will not receive any information about why the bug was closed."
892 # type: Content of: <chapter><section><section><title>
894 msgid "Bug housekeeping"
897 # type: Content of: <chapter><section><section><para>
900 "As a package maintainer, you will often find bugs in other packages or have "
901 "bugs reported against your packages which are actually bugs in other "
902 "packages. The bug tracking system's features are described in the <ulink "
903 "url=\"http://www.debian.org/Bugs/Developer\">BTS documentation for Debian "
904 "developers</ulink>. Operations such as reassigning, merging, and tagging "
905 "bug reports are described in the <ulink "
906 "url=\"http://www.debian.org/Bugs/server-control\">BTS control server "
907 "documentation</ulink>. This section contains some guidelines for managing "
908 "your own bugs, based on the collective Debian developer experience."
911 # type: Content of: <chapter><section><section><para>
914 "Filing bugs for problems that you find in other packages is one of the civic "
915 "obligations of maintainership, see <xref linkend=\"submit-bug\"/> for "
916 "details. However, handling the bugs in your own packages is even more "
920 # type: Content of: <chapter><section><section><para>
922 msgid "Here's a list of steps that you may follow to handle a bug report:"
925 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
928 "Decide whether the report corresponds to a real bug or not. Sometimes users "
929 "are just calling a program in the wrong way because they haven't read the "
930 "documentation. If you diagnose this, just close the bug with enough "
931 "information to let the user correct their problem (give pointers to the good "
932 "documentation and so on). If the same report comes up again and again you "
933 "may ask yourself if the documentation is good enough or if the program "
934 "shouldn't detect its misuse in order to give an informative error message. "
935 "This is an issue that may need to be brought up with the upstream author."
938 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
941 "If the bug submitter disagrees with your decision to close the bug, they may "
942 "reopen it until you find an agreement on how to handle it. If you don't "
943 "find any, you may want to tag the bug <literal>wontfix</literal> to let "
944 "people know that the bug exists but that it won't be corrected. If this "
945 "situation is unacceptable, you (or the submitter) may want to require a "
946 "decision of the technical committee by reassigning the bug to <systemitem "
947 "role=\"package\">tech-ctte</systemitem> (you may use the clone command of "
948 "the BTS if you wish to keep it reported against your package). Before doing "
949 "so, please read the <ulink "
950 "url=\"http://www.debian.org/devel/tech-ctte\">recommended procedure</ulink>."
953 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
956 "If the bug is real but it's caused by another package, just reassign the bug "
957 "to the right package. If you don't know which package it should be "
958 "reassigned to, you should ask for help on <link "
959 "linkend=\"irc-channels\">IRC</link> or on "
960 "<email>debian-devel@lists.debian.org</email>. Please make sure that the "
961 "maintainer(s) of the package the bug is reassigned to know why you "
965 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
968 "Sometimes you also have to adjust the severity of the bug so that it matches "
969 "our definition of the severity. That's because people tend to inflate the "
970 "severity of bugs to make sure their bugs are fixed quickly. Some bugs may "
971 "even be dropped to wishlist severity when the requested change is just "
975 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
978 "If the bug is real but the same problem has already been reported by someone "
979 "else, then the two relevant bug reports should be merged into one using the "
980 "merge command of the BTS. In this way, when the bug is fixed, all of the "
981 "submitters will be informed of this. (Note, however, that emails sent to "
982 "one bug report's submitter won't automatically be sent to the other report's "
983 "submitter.) For more details on the technicalities of the merge command and "
984 "its relative, the unmerge command, see the BTS control server documentation."
987 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
990 "The bug submitter may have forgotten to provide some information, in which "
991 "case you have to ask them for the required information. You may use the "
992 "<literal>moreinfo</literal> tag to mark the bug as such. Moreover if you "
993 "can't reproduce the bug, you tag it <literal>unreproducible</literal>. "
994 "Anyone who can reproduce the bug is then invited to provide more information "
995 "on how to reproduce it. After a few months, if this information has not "
996 "been sent by someone, the bug may be closed."
999 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1002 "If the bug is related to the packaging, you just fix it. If you are not "
1003 "able to fix it yourself, then tag the bug as <literal>help</literal>. You "
1004 "can also ask for help on <email>debian-devel@lists.debian.org</email> or "
1005 "<email>debian-qa@lists.debian.org</email>. If it's an upstream problem, you "
1006 "have to forward it to the upstream author. Forwarding a bug is not enough, "
1007 "you have to check at each release if the bug has been fixed or not. If it "
1008 "has, you just close it, otherwise you have to remind the author about it. "
1009 "If you have the required skills you can prepare a patch that fixes the bug "
1010 "and send it to the author at the same time. Make sure to send the patch to "
1011 "the BTS and to tag the bug as <literal>patch</literal>."
1014 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1017 "If you have fixed a bug in your local copy, or if a fix has been committed "
1018 "to the CVS repository, you may tag the bug as <literal>pending</literal> to "
1019 "let people know that the bug is corrected and that it will be closed with "
1020 "the next upload (add the <literal>closes:</literal> in the "
1021 "<filename>changelog</filename>). This is particularly useful if you are "
1022 "several developers working on the same package."
1025 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1028 "Once a corrected package is available in the <emphasis>unstable</emphasis> "
1029 "distribution, you can close the bug. This can be done automatically, read "
1030 "<xref linkend=\"upload-bugfix\"/> ."
1033 # type: Content of: <chapter><section><section><title>
1035 msgid "When bugs are closed by new uploads"
1038 # type: Content of: <chapter><section><section><para>
1041 "As bugs and problems are fixed in your packages, it is your responsibility "
1042 "as the package maintainer to close these bugs. However, you should not "
1043 "close a bug until the package which fixes the bug has been accepted into the "
1044 "Debian archive. Therefore, once you get notification that your updated "
1045 "package has been installed into the archive, you can and should close the "
1046 "bug in the BTS. Also, the bug should be closed with the correct version."
1049 # type: Content of: <chapter><section><section><para>
1052 "However, it's possible to avoid having to manually close bugs after the "
1053 "upload — just list the fixed bugs in your "
1054 "<filename>debian/changelog</filename> file, following a certain syntax, and "
1055 "the archive maintenance software will close the bugs for you. For example:"
1058 # type: Content of: <chapter><section><section><screen>
1062 "-cannon (3.1415) unstable; urgency=low\n"
1064 " * Frobbed with options (closes: Bug#98339)\n"
1065 " * Added safety to prevent operator dismemberment, closes: bug#98765,\n"
1066 " bug#98713, #98714.\n"
1067 " * Added man page. Closes: #98725."
1070 # type: Content of: <chapter><section><section><para>
1073 "Technically speaking, the following Perl regular expression describes how "
1074 "bug closing changelogs are identified:"
1077 # type: Content of: <chapter><section><section><screen>
1080 msgid "/closes:\\s*(?:bug)?\\#\\s*\\d+(?:,\\s*(?:bug)?\\#\\s*\\d+)*/ig"
1083 # type: Content of: <chapter><section><section><para>
1086 "We prefer the <literal>closes: #<replaceable>XXX</replaceable></literal> "
1087 "syntax, as it is the most concise entry and the easiest to integrate with "
1088 "the text of the <filename>changelog</filename>. Unless specified different "
1089 "by the <replaceable>-v</replaceable>-switch to "
1090 "<command>dpkg-buildpackage</command>, only the bugs closed in the most "
1091 "recent changelog entry are closed (basically, exactly the bugs mentioned in "
1092 "the changelog-part in the <filename>.changes</filename> file are closed)."
1095 # type: Content of: <chapter><section><section><para>
1098 "Historically, uploads identified as <link linkend=\"nmu\">Non-maintainer "
1099 "upload (NMU)</link> were tagged <literal>fixed</literal> instead of being "
1100 "closed, but that practice was ceased with the advent of version-tracking. "
1101 "The same applied to the tag <literal>fixed-in-experimental</literal>."
1104 # type: Content of: <chapter><section><section><para>
1107 "If you happen to mistype a bug number or forget a bug in the changelog "
1108 "entries, don't hesitate to undo any damage the error caused. To reopen "
1109 "wrongly closed bugs, send a <literal>reopen "
1110 "<replaceable>XXX</replaceable></literal> command to the bug tracking "
1111 "system's control address, <email>control@bugs.debian.org</email>. To close "
1112 "any remaining bugs that were fixed by your upload, email the "
1113 "<filename>.changes</filename> file to "
1114 "<email>XXX-done@bugs.debian.org</email>, where "
1115 "<replaceable>XXX</replaceable> is the bug number, and put Version: YYY and "
1116 "an empty line as the first two lines of the body of the email, where "
1117 "<replaceable>YYY</replaceable> is the first version where the bug has been "
1121 # type: Content of: <chapter><section><section><para>
1124 "Bear in mind that it is not obligatory to close bugs using the changelog as "
1125 "described above. If you simply want to close bugs that don't have anything "
1126 "to do with an upload you made, do it by emailing an explanation to "
1127 "<email>XXX-done@bugs.debian.org</email>. Do <emphasis "
1128 "role=\"strong\">not</emphasis> close bugs in the changelog entry of a "
1129 "version if the changes in that version of the package don't have any bearing "
1133 # type: Content of: <chapter><section><section><para>
1136 "For general information on how to write your changelog entries, see <xref "
1137 "linkend=\"bpp-debian-changelog\"/> ."
1140 # type: Content of: <chapter><section><section><title>
1142 msgid "Handling security-related bugs"
1145 # type: Content of: <chapter><section><section><para>
1148 "Due to their sensitive nature, security-related bugs must be handled "
1149 "carefully. The Debian Security Team exists to coordinate this activity, "
1150 "keeping track of outstanding security problems, helping maintainers with "
1151 "security problems or fixing them themselves, sending security advisories, "
1152 "and maintaining security.debian.org."
1155 # type: Content of: <chapter><section><section><para>
1158 "When you become aware of a security-related bug in a Debian package, whether "
1159 "or not you are the maintainer, collect pertinent information about the "
1160 "problem, and promptly contact the security team at "
1161 "<email>team@security.debian.org</email> as soon as possible. <emphasis "
1162 "role=\"strong\">DO NOT UPLOAD</emphasis> any packages for stable; the "
1163 "security team will do that. Useful information includes, for example:"
1166 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1169 "Which versions of the package are known to be affected by the bug. Check "
1170 "each version that is present in a supported Debian release, as well as "
1171 "testing and unstable."
1174 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1176 msgid "The nature of the fix, if any is available (patches are especially helpful)"
1179 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1182 "Any fixed packages that you have prepared yourself (send only the "
1183 "<literal>.diff.gz</literal> and <literal>.dsc</literal> files and read <xref "
1184 "linkend=\"bug-security-building\"/> first)"
1187 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1190 "Any assistance you can provide to help with testing (exploits, regression "
1194 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
1197 "Any information needed for the advisory (see <xref "
1198 "linkend=\"bug-security-advisories\"/> )"
1201 # type: Content of: <chapter><section><section><section><title>
1203 msgid "Confidentiality"
1206 # type: Content of: <chapter><section><section><section><para>
1209 "Unlike most other activities within Debian, information about security "
1210 "issues must sometimes be kept private for a time. This allows software "
1211 "distributors to coordinate their disclosure in order to minimize their "
1212 "users' exposure. Whether this is the case depends on the nature of the "
1213 "problem and corresponding fix, and whether it is already a matter of public "
1217 # type: Content of: <chapter><section><section><section><para>
1219 msgid "There are several ways developers can learn of a security problem:"
1222 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1224 msgid "they notice it on a public forum (mailing list, web site, etc.)"
1227 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1229 msgid "someone files a bug report"
1232 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1234 msgid "someone informs them via private email"
1237 # type: Content of: <chapter><section><section><section><para>
1240 "In the first two cases, the information is public and it is important to "
1241 "have a fix as soon as possible. In the last case, however, it might not be "
1242 "public information. In that case there are a few possible options for "
1243 "dealing with the problem:"
1246 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1249 "If the security exposure is minor, there is sometimes no need to keep the "
1250 "problem a secret and a fix should be made and released."
1253 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1256 "If the problem is severe, it is preferable to share the information with "
1257 "other vendors and coordinate a release. The security team keeps in contact "
1258 "with the various organizations and individuals and can take care of that."
1261 # type: Content of: <chapter><section><section><section><para>
1264 "In all cases if the person who reports the problem asks that it not be "
1265 "disclosed, such requests should be honored, with the obvious exception of "
1266 "informing the security team in order that a fix may be produced for a stable "
1267 "release of Debian. When sending confidential information to the security "
1268 "team, be sure to mention this fact."
1271 # type: Content of: <chapter><section><section><section><para>
1274 "Please note that if secrecy is needed you may not upload a fix to unstable "
1275 "(or anywhere else, such as a public CVS repository). It is not sufficient "
1276 "to obfuscate the details of the change, as the code itself is public, and "
1277 "can (and will) be examined by the general public."
1280 # type: Content of: <chapter><section><section><section><para>
1283 "There are two reasons for releasing information even though secrecy is "
1284 "requested: the problem has been known for a while, or the problem or exploit "
1285 "has become public."
1288 # type: Content of: <chapter><section><section><section><title>
1290 msgid "Security Advisories"
1293 # type: Content of: <chapter><section><section><section><para>
1296 "Security advisories are only issued for the current, released stable "
1297 "distribution, and <emphasis>not</emphasis> for testing or unstable. When "
1298 "released, advisories are sent to the "
1299 "<email>debian-security-announce@lists.debian.org</email> mailing list and "
1300 "posted on <ulink url=\"http://www.debian.org/security/\">the security web "
1301 "page</ulink>. Security advisories are written and posted by the security "
1302 "team. However they certainly do not mind if a maintainer can supply some of "
1303 "the information for them, or write part of the text. Information that "
1304 "should be in an advisory includes:"
1307 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1309 msgid "A description of the problem and its scope, including:"
1312 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1314 msgid "The type of problem (privilege escalation, denial of service, etc.)"
1317 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1319 msgid "What privileges may be gained, and by whom (if any)"
1322 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1324 msgid "How it can be exploited"
1327 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1329 msgid "Whether it is remotely or locally exploitable"
1332 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
1334 msgid "How the problem was fixed"
1337 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1339 msgid "This information allows users to assess the threat to their systems."
1342 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1344 msgid "Version numbers of affected packages"
1347 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1349 msgid "Version numbers of fixed packages"
1352 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1355 "Information on where to obtain the updated packages (usually from the Debian "
1359 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1362 "References to upstream advisories, <ulink "
1363 "url=\"http://cve.mitre.org\">CVE</ulink> identifiers, and any other "
1364 "information useful in cross-referencing the vulnerability"
1367 # type: Content of: <chapter><section><section><section><title>
1369 msgid "Preparing packages to address security issues"
1372 # type: Content of: <chapter><section><section><section><para>
1375 "One way that you can assist the security team in their duties is to provide "
1376 "them with fixed packages suitable for a security advisory for the stable "
1380 # type: Content of: <chapter><section><section><section><para>
1383 "When an update is made to the stable release, care must be taken to avoid "
1384 "changing system behavior or introducing new bugs. In order to do this, make "
1385 "as few changes as possible to fix the bug. Users and administrators rely on "
1386 "the exact behavior of a release once it is made, so any change that is made "
1387 "might break someone's system. This is especially true of libraries: make "
1388 "sure you never change the API or ABI, no matter how small the change."
1391 # type: Content of: <chapter><section><section><section><para>
1394 "This means that moving to a new upstream version is not a good solution. "
1395 "Instead, the relevant changes should be back-ported to the version present "
1396 "in the current stable Debian release. Generally, upstream maintainers are "
1397 "willing to help if needed. If not, the Debian security team may be able to "
1401 # type: Content of: <chapter><section><section><section><para>
1404 "In some cases, it is not possible to back-port a security fix, for example "
1405 "when large amounts of source code need to be modified or rewritten. If this "
1406 "happens, it may be necessary to move to a new upstream version. However, "
1407 "this is only done in extreme situations, and you must always coordinate that "
1408 "with the security team beforehand."
1411 # type: Content of: <chapter><section><section><section><para>
1414 "Related to this is another important guideline: always test your changes. "
1415 "If you have an exploit available, try it and see if it indeed succeeds on "
1416 "the unpatched package and fails on the fixed package. Test other, normal "
1417 "actions as well, as sometimes a security fix can break seemingly unrelated "
1418 "features in subtle ways."
1421 # type: Content of: <chapter><section><section><section><para>
1424 "Do <emphasis role=\"strong\">NOT</emphasis> include any changes in your "
1425 "package which are not directly related to fixing the vulnerability. These "
1426 "will only need to be reverted, and this wastes time. If there are other "
1427 "bugs in your package that you would like to fix, make an upload to "
1428 "proposed-updates in the usual way, after the security advisory is issued. "
1429 "The security update mechanism is not a means for introducing changes to your "
1430 "package which would otherwise be rejected from the stable release, so please "
1431 "do not attempt to do this."
1434 # type: Content of: <chapter><section><section><section><para>
1437 "Review and test your changes as much as possible. Check the differences "
1438 "from the previous version repeatedly (<command>interdiff</command> from the "
1439 "<systemitem role=\"package\">patchutils</systemitem> package and "
1440 "<command>debdiff</command> from <systemitem "
1441 "role=\"package\">devscripts</systemitem> are useful tools for this, see "
1442 "<xref linkend=\"debdiff\"/> )."
1445 # type: Content of: <chapter><section><section><section><para>
1447 msgid "Be sure to verify the following items:"
1450 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1453 "Target the right distribution in your "
1454 "<filename>debian/changelog</filename>. For stable this is "
1455 "<literal>stable-security</literal> and for testing this is "
1456 "<literal>testing-security</literal>, and for the previous stable release, "
1457 "this is <literal>oldstable-security</literal>. Do not target "
1458 "<replaceable>distribution</replaceable>-proposed-updates or "
1459 "<literal>stable</literal>!"
1462 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1464 msgid "The upload should have urgency=high."
1467 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1470 "Make descriptive, meaningful changelog entries. Others will rely on them to "
1471 "determine whether a particular bug was fixed. Always include an external "
1472 "reference, preferably a CVE identifier, so that it can be cross-referenced. "
1473 "Include the same information in the changelog for unstable, so that it is "
1474 "clear that the same bug was fixed, as this is very helpful when verifying "
1475 "that the bug is fixed in the next stable release. If a CVE identifier has "
1476 "not yet been assigned, the security team will request one so that it can be "
1477 "included in the package and in the advisory."
1480 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1483 "Make sure the version number is proper. It must be greater than the current "
1484 "package, but less than package versions in later distributions. If in "
1485 "doubt, test it with <literal>dpkg --compare-versions</literal>. Be careful "
1486 "not to re-use a version number that you have already used for a previous "
1487 "upload. For <emphasis>testing</emphasis>, there must be a higher version in "
1488 "<emphasis>unstable</emphasis>. If there is none yet (for example, if "
1489 "<emphasis>testing</emphasis> and <emphasis>unstable</emphasis> have the same "
1490 "version) you must upload a new version to unstable first."
1493 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1496 "Do not make source-only uploads if your package has any binary-all packages "
1497 "(do not use the <literal>-S</literal> option to "
1498 "<command>dpkg-buildpackage</command>). The <command>buildd</command> "
1499 "infrastructure will not build those. This point applies to normal package "
1503 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1506 "Unless the upstream source has been uploaded to security.debian.org before "
1507 "(by a previous security update), build the upload with full upstream source "
1508 "(<literal>dpkg-buildpackage -sa</literal>). If there has been a previous "
1509 "upload to security.debian.org with the same upstream version, you may upload "
1510 "without upstream source (<literal>dpkg-buildpackage -sd</literal>)."
1513 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1516 "Be sure to use the exact same <filename>*.orig.tar.gz</filename> as used in "
1517 "the normal archive, otherwise it is not possible to move the security fix "
1518 "into the main archives later."
1521 # type: Content of: <chapter><section><section><section><itemizedlist><listitem><para>
1524 "Build the package on a clean system which only has packages installed from "
1525 "the distribution you are building for. If you do not have such a system "
1526 "yourself, you can use a debian.org machine (see <xref "
1527 "linkend=\"server-machines\"/> ) or setup a chroot (see <xref "
1528 "linkend=\"pbuilder\"/> and <xref linkend=\"debootstrap\"/> )."
1531 # type: Content of: <chapter><section><section><section><title>
1533 msgid "Uploading the fixed package"
1536 # type: Content of: <chapter><section><section><section><para>
1539 "Do <emphasis role=\"strong\">NOT</emphasis> upload a package to the security "
1540 "upload queue (oldstable-security, stable-security, etc.) without prior "
1541 "authorization from the security team. If the package does not exactly meet "
1542 "the team's requirements, it will cause many problems and delays in dealing "
1543 "with the unwanted upload."
1546 # type: Content of: <chapter><section><section><section><para>
1549 "Do <emphasis role=\"strong\">NOT</emphasis> upload your fix to "
1550 "proposed-updates without coordinating with the security team. Packages from "
1551 "security.debian.org will be copied into the proposed-updates directory "
1552 "automatically. If a package with the same or a higher version number is "
1553 "already installed into the archive, the security update will be rejected by "
1554 "the archive system. That way, the stable distribution will end up without a "
1555 "security update for this package instead."
1558 # type: Content of: <chapter><section><section><section><para>
1561 "Once you have created and tested the new package and it has been approved by "
1562 "the security team, it needs to be uploaded so that it can be installed in "
1563 "the archives. For security uploads, the place to upload to is "
1564 "<literal>ftp://security-master.debian.org/pub/SecurityUploadQueue/</literal> "
1568 # type: Content of: <chapter><section><section><section><para>
1571 "Once an upload to the security queue has been accepted, the package will "
1572 "automatically be rebuilt for all architectures and stored for verification "
1573 "by the security team."
1576 # type: Content of: <chapter><section><section><section><para>
1579 "Uploads which are waiting for acceptance or verification are only accessible "
1580 "by the security team. This is necessary since there might be fixes for "
1581 "security problems that cannot be disclosed yet."
1584 # type: Content of: <chapter><section><section><section><para>
1587 "If a member of the security team accepts a package, it will be installed on "
1588 "security.debian.org as well as proposed for the proper "
1589 "<replaceable>distribution</replaceable>-proposed-updates on ftp-master."
1592 # type: Content of: <chapter><section><title>
1594 msgid "Moving, removing, renaming, adopting, and orphaning packages"
1597 # type: Content of: <chapter><section><para>
1600 "Some archive manipulation operations are not automated in the Debian upload "
1601 "process. These procedures should be manually followed by maintainers. This "
1602 "chapter gives guidelines on what to do in these cases."
1605 # type: Content of: <chapter><section><section><title>
1607 msgid "Moving packages"
1610 # type: Content of: <chapter><section><section><para><footnote>
1613 "Sometimes a package will change its section. For instance, a package from "
1614 "the `non-free' section might be GPL'd in a later version, in which case the "
1615 "package should be moved to `main' or `contrib'.<footnote>"
1618 # type: Content of: <chapter><section><section><para><footnote><para>
1621 "See the <ulink url=\"http://www.debian.org/doc/debian-policy/\">Debian "
1622 "Policy Manual</ulink> for guidelines on what section a package belongs in."
1625 # type: Content of: <chapter><section><section><para>
1628 "If you need to change the section for one of your packages, change the "
1629 "package control information to place the package in the desired section, and "
1630 "re-upload the package (see the <ulink "
1631 "url=\"http://www.debian.org/doc/debian-policy/\">Debian Policy "
1632 "Manual</ulink> for details). You must ensure that you include the "
1633 "<filename>.orig.tar.gz</filename> in your upload (even if you are not "
1634 "uploading a new upstream version), or it will not appear in the new section "
1635 "together with the rest of the package. If your new section is valid, it "
1636 "will be moved automatically. If it does not, then contact the ftpmasters in "
1637 "order to understand what happened."
1640 # type: Content of: <chapter><section><section><para>
1643 "If, on the other hand, you need to change the "
1644 "<emphasis>subsection</emphasis> of one of your packages (e.g., ``devel'', "
1645 "``admin''), the procedure is slightly different. Correct the subsection as "
1646 "found in the control file of the package, and re-upload that. Also, you'll "
1647 "need to get the override file updated, as described in <xref "
1648 "linkend=\"override-file\"/> ."
1651 # type: Content of: <chapter><section><section><title>
1653 msgid "Removing packages"
1656 # type: Content of: <chapter><section><section><para>
1659 "If for some reason you want to completely remove a package (say, if it is an "
1660 "old compatibility library which is no longer required), you need to file a "
1661 "bug against <literal>ftp.debian.org</literal> asking that the package be "
1662 "removed; as all bugs, this bug should normally have normal severity. Make "
1663 "sure you indicate which distribution the package should be removed from. "
1664 "Normally, you can only have packages removed from "
1665 "<emphasis>unstable</emphasis> and <emphasis>experimental</emphasis>. "
1666 "Packages are not removed from <emphasis>testing</emphasis> directly. "
1667 "Rather, they will be removed automatically after the package has been "
1668 "removed from <emphasis>unstable</emphasis> and no package in "
1669 "<emphasis>testing</emphasis> depends on it."
1672 # type: Content of: <chapter><section><section><para>
1675 "There is one exception when an explicit removal request is not necessary: If "
1676 "a (source or binary) package is an orphan, it will be removed "
1677 "semi-automatically. For a binary-package, this means if there is no longer "
1678 "any source package producing this binary package; if the binary package is "
1679 "just no longer produced on some architectures, a removal request is still "
1680 "necessary. For a source-package, this means that all binary packages it "
1681 "refers to have been taken over by another source package."
1684 # type: Content of: <chapter><section><section><para>
1687 "In your removal request, you have to detail the reasons justifying the "
1688 "request. This is to avoid unwanted removals and to keep a trace of why a "
1689 "package has been removed. For example, you can provide the name of the "
1690 "package that supersedes the one to be removed."
1693 # type: Content of: <chapter><section><section><para>
1696 "Usually you only ask for the removal of a package maintained by yourself. "
1697 "If you want to remove another package, you have to get the approval of its "
1701 # type: Content of: <chapter><section><section><para>
1704 "Further information relating to these and other package removal related "
1705 "topics may be found at <ulink "
1706 "url=\"http://wiki.debian.org/ftpmaster_Removals\"></ulink> and <ulink "
1707 "url=\"http://qa.debian.org/howto-remove.html\"></ulink>."
1710 # type: Content of: <chapter><section><section><para>
1713 "If in doubt concerning whether a package is disposable, email "
1714 "<email>debian-devel@lists.debian.org</email> asking for opinions. Also of "
1715 "interest is the <command>apt-cache</command> program from the <systemitem "
1716 "role=\"package\">apt</systemitem> package. When invoked as "
1717 "<literal>apt-cache showpkg <replaceable>package</replaceable></literal>, the "
1718 "program will show details for <replaceable>package</replaceable>, including "
1719 "reverse depends. Other useful programs include <literal>apt-cache "
1720 "rdepends</literal>, <command>apt-rdepends</command> and "
1721 "<command>grep-dctrl</command>. Removal of orphaned packages is discussed on "
1722 "<email>debian-qa@lists.debian.org</email>."
1725 # type: Content of: <chapter><section><section><para>
1728 "Once the package has been removed, the package's bugs should be handled. "
1729 "They should either be reassigned to another package in the case where the "
1730 "actual code has evolved into another package (e.g. "
1731 "<literal>libfoo12</literal> was removed because <literal>libfoo13</literal> "
1732 "supersedes it) or closed if the software is simply no longer part of Debian."
1735 # type: Content of: <chapter><section><section><section><title>
1737 msgid "Removing packages from <filename>Incoming</filename>"
1740 # type: Content of: <chapter><section><section><section><para>
1743 "In the past, it was possible to remove packages from "
1744 "<filename>incoming</filename>. However, with the introduction of the new "
1745 "incoming system, this is no longer possible. Instead, you have to upload a "
1746 "new revision of your package with a higher version than the package you want "
1747 "to replace. Both versions will be installed in the archive but only the "
1748 "higher version will actually be available in <emphasis>unstable</emphasis> "
1749 "since the previous version will immediately be replaced by the higher. "
1750 "However, if you do proper testing of your packages, the need to replace a "
1751 "package should not occur too often anyway."
1754 # type: Content of: <chapter><section><section><title>
1756 msgid "Replacing or renaming packages"
1759 # type: Content of: <chapter><section><section><para>
1762 "When you make a mistake naming your package, you should follow a two-step "
1763 "process to rename it. First, set your <filename>debian/control</filename> "
1764 "file to replace and conflict with the obsolete name of the package (see the "
1765 "<ulink url=\"http://www.debian.org/doc/debian-policy/\">Debian Policy "
1766 "Manual</ulink> for details). Once you've uploaded the package and the "
1767 "package has moved into the archive, file a bug against "
1768 "<literal>ftp.debian.org</literal> asking to remove the package with the "
1769 "obsolete name. Do not forget to properly reassign the package's bugs at the "
1773 # type: Content of: <chapter><section><section><para>
1776 "At other times, you may make a mistake in constructing your package and wish "
1777 "to replace it. The only way to do this is to increase the version number "
1778 "and upload a new version. The old version will be expired in the usual "
1779 "manner. Note that this applies to each part of your package, including the "
1780 "sources: if you wish to replace the upstream source tarball of your package, "
1781 "you will need to upload it with a different version. An easy possibility is "
1782 "to replace <filename>foo_1.00.orig.tar.gz</filename> with "
1783 "<filename>foo_1.00+0.orig.tar.gz</filename>. This restriction gives each "
1784 "file on the ftp site a unique name, which helps to ensure consistency across "
1785 "the mirror network."
1788 # type: Content of: <chapter><section><section><title>
1790 msgid "Orphaning a package"
1793 # type: Content of: <chapter><section><section><para>
1796 "If you can no longer maintain a package, you need to inform others, and see "
1797 "that the package is marked as orphaned. You should set the package "
1798 "maintainer to <literal>Debian QA Group "
1799 "<packages@qa.debian.org></literal> and submit a bug report against the "
1800 "pseudo package <systemitem role=\"package\">wnpp</systemitem>. The bug "
1801 "report should be titled <literal>O: <replaceable>package</replaceable> -- "
1802 "<replaceable>short description</replaceable></literal> indicating that the "
1803 "package is now orphaned. The severity of the bug should be set to "
1804 "<emphasis>normal</emphasis>; if the package has a priority of standard or "
1805 "higher, it should be set to important. If you feel it's necessary, send a "
1806 "copy to <email>debian-devel@lists.debian.org</email> by putting the address "
1807 "in the X-Debbugs-CC: header of the message (no, don't use CC:, because that "
1808 "way the message's subject won't indicate the bug number)."
1811 # type: Content of: <chapter><section><section><para>
1814 "If you just intend to give the package away, but you can keep maintainership "
1815 "for the moment, then you should instead submit a bug against <systemitem "
1816 "role=\"package\">wnpp</systemitem> and title it <literal>RFA: "
1817 "<replaceable>package</replaceable> -- <replaceable>short "
1818 "description</replaceable></literal>. <literal>RFA</literal> stands for "
1819 "<emphasis>Request For Adoption</emphasis>."
1822 # type: Content of: <chapter><section><section><para>
1825 "More information is on the <ulink "
1826 "url=\"http://www.debian.org/devel/wnpp/\">WNPP web pages</ulink>."
1829 # type: Content of: <chapter><section><section><title>
1831 msgid "Adopting a package"
1834 # type: Content of: <chapter><section><section><para>
1837 "A list of packages in need of a new maintainer is available in the <ulink "
1838 "url=\"http://www.debian.org/devel/wnpp/\">Work-Needing and Prospective "
1839 "Packages list (WNPP)</ulink>. If you wish to take over maintenance of any "
1840 "of the packages listed in the WNPP, please take a look at the aforementioned "
1841 "page for information and procedures."
1844 # type: Content of: <chapter><section><section><para>
1847 "It is not OK to simply take over a package that you feel is neglected — that "
1848 "would be package hijacking. You can, of course, contact the current "
1849 "maintainer and ask them if you may take over the package. If you have "
1850 "reason to believe a maintainer has gone AWOL (absent without leave), see "
1851 "<xref linkend=\"mia-qa\"/> ."
1854 # type: Content of: <chapter><section><section><para>
1857 "Generally, you may not take over the package without the assent of the "
1858 "current maintainer. Even if they ignore you, that is still not grounds to "
1859 "take over a package. Complaints about maintainers should be brought up on "
1860 "the developers' mailing list. If the discussion doesn't end with a positive "
1861 "conclusion, and the issue is of a technical nature, consider bringing it to "
1862 "the attention of the technical committee (see the <ulink "
1863 "url=\"http://www.debian.org/devel/tech-ctte\">technical committee web "
1864 "page</ulink> for more information)."
1867 # type: Content of: <chapter><section><section><para>
1870 "If you take over an old package, you probably want to be listed as the "
1871 "package's official maintainer in the bug system. This will happen "
1872 "automatically once you upload a new version with an updated "
1873 "<literal>Maintainer:</literal> field, although it can take a few hours after "
1874 "the upload is done. If you do not expect to upload a new version for a "
1875 "while, you can use <xref linkend=\"pkg-tracking-system\"/> to get the bug "
1876 "reports. However, make sure that the old maintainer has no problem with the "
1877 "fact that they will continue to receive the bugs during that time."
1880 # type: Content of: <chapter><section><title>
1882 msgid "Porting and being ported"
1885 # type: Content of: <chapter><section><para>
1888 "Debian supports an ever-increasing number of architectures. Even if you are "
1889 "not a porter, and you don't use any architecture but one, it is part of your "
1890 "duty as a maintainer to be aware of issues of portability. Therefore, even "
1891 "if you are not a porter, you should read most of this chapter."
1894 # type: Content of: <chapter><section><para>
1897 "Porting is the act of building Debian packages for architectures that are "
1898 "different from the original architecture of the package maintainer's binary "
1899 "package. It is a unique and essential activity. In fact, porters do most "
1900 "of the actual compiling of Debian packages. For instance, for a single "
1901 "<emphasis>i386</emphasis> binary package, there must be a recompile for each "
1902 "architecture, which amounts to 12 more builds."
1905 # type: Content of: <chapter><section><section><title>
1907 msgid "Being kind to porters"
1910 # type: Content of: <chapter><section><section><para>
1913 "Porters have a difficult and unique task, since they are required to deal "
1914 "with a large volume of packages. Ideally, every source package should build "
1915 "right out of the box. Unfortunately, this is often not the case. This "
1916 "section contains a checklist of ``gotchas'' often committed by Debian "
1917 "maintainers — common problems which often stymie porters, and make their "
1918 "jobs unnecessarily difficult."
1921 # type: Content of: <chapter><section><section><para>
1924 "The first and most important thing is to respond quickly to bug or issues "
1925 "raised by porters. Please treat porters with courtesy, as if they were in "
1926 "fact co-maintainers of your package (which, in a way, they are). Please be "
1927 "tolerant of succinct or even unclear bug reports; do your best to hunt down "
1928 "whatever the problem is."
1931 # type: Content of: <chapter><section><section><para>
1934 "By far, most of the problems encountered by porters are caused by "
1935 "<emphasis>packaging bugs</emphasis> in the source packages. Here is a "
1936 "checklist of things you should check or be aware of."
1939 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1942 "Make sure that your <literal>Build-Depends</literal> and "
1943 "<literal>Build-Depends-Indep</literal> settings in "
1944 "<filename>debian/control</filename> are set properly. The best way to "
1945 "validate this is to use the <systemitem "
1946 "role=\"package\">debootstrap</systemitem> package to create an unstable "
1947 "chroot environment (see <xref linkend=\"debootstrap\"/> ). Within that "
1948 "chrooted environment, install the <systemitem "
1949 "role=\"package\">build-essential</systemitem> package and any package "
1950 "dependencies mentioned in <literal>Build-Depends</literal> and/or "
1951 "<literal>Build-Depends-Indep</literal>. Finally, try building your package "
1952 "within that chrooted environment. These steps can be automated by the use "
1953 "of the <command>pbuilder</command> program which is provided by the package "
1954 "of the same name (see <xref linkend=\"pbuilder\"/> )."
1957 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1960 "If you can't set up a proper chroot, <command>dpkg-depcheck</command> may be "
1961 "of assistance (see <xref linkend=\"dpkg-depcheck\"/> )."
1964 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1967 "See the <ulink url=\"http://www.debian.org/doc/debian-policy/\">Debian "
1968 "Policy Manual</ulink> for instructions on setting build dependencies."
1971 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1974 "Don't set architecture to a value other than ``all'' or ``any'' unless you "
1975 "really mean it. In too many cases, maintainers don't follow the "
1976 "instructions in the <ulink "
1977 "url=\"http://www.debian.org/doc/debian-policy/\">Debian Policy "
1978 "Manual</ulink>. Setting your architecture to ``i386'' is usually incorrect."
1981 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1984 "Make sure your source package is correct. Do <literal>dpkg-source -x "
1985 "<replaceable>package</replaceable>.dsc</literal> to make sure your source "
1986 "package unpacks properly. Then, in there, try building your package from "
1987 "scratch with <command>dpkg-buildpackage</command>."
1990 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
1993 "Make sure you don't ship your source package with the "
1994 "<filename>debian/files</filename> or <filename>debian/substvars</filename> "
1995 "files. They should be removed by the `clean' target of "
1996 "<filename>debian/rules</filename>."
1999 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2002 "Make sure you don't rely on locally installed or hacked configurations or "
2003 "programs. For instance, you should never be calling programs in "
2004 "<filename>/usr/local/bin</filename> or the like. Try not to rely on "
2005 "programs being setup in a special way. Try building your package on another "
2006 "machine, even if it's the same architecture."
2009 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2012 "Don't depend on the package you're building being installed already (a "
2013 "sub-case of the above issue)."
2016 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2019 "Don't rely on the compiler being a certain version, if possible. If not, "
2020 "then make sure your build dependencies reflect the restrictions, although "
2021 "you are probably asking for trouble, since different architectures sometimes "
2022 "standardize on different compilers."
2025 # type: Content of: <chapter><section><section><orderedlist><listitem><para>
2028 "Make sure your debian/rules contains separate ``binary-arch'' and "
2029 "``binary-indep'' targets, as the Debian Policy Manual requires. Make sure "
2030 "that both targets work independently, that is, that you can call the target "
2031 "without having called the other before. To test this, try to run "
2032 "<literal>dpkg-buildpackage -B</literal>."
2035 # type: Content of: <chapter><section><section><title>
2037 msgid "Guidelines for porter uploads"
2040 # type: Content of: <chapter><section><section><para>
2043 "If the package builds out of the box for the architecture to be ported to, "
2044 "you are in luck and your job is easy. This section applies to that case; it "
2045 "describes how to build and upload your binary package so that it is properly "
2046 "installed into the archive. If you do have to patch the package in order to "
2047 "get it to compile for the other architecture, you are actually doing a "
2048 "source NMU, so consult <xref linkend=\"nmu-guidelines\"/> instead."
2051 # type: Content of: <chapter><section><section><para>
2054 "For a porter upload, no changes are being made to the source. You do not "
2055 "need to touch any of the files in the source package. This includes "
2056 "<filename>debian/changelog</filename>."
2059 # type: Content of: <chapter><section><section><para>
2062 "The way to invoke <command>dpkg-buildpackage</command> is as "
2063 "<literal>dpkg-buildpackage -B "
2064 "-m<replaceable>porter-email</replaceable></literal>. Of course, set "
2065 "<replaceable>porter-email</replaceable> to your email address. This will do "
2066 "a binary-only build of only the architecture-dependent portions of the "
2067 "package, using the `binary-arch' target in "
2068 "<filename>debian/rules</filename>."
2071 # type: Content of: <chapter><section><section><para>
2074 "If you are working on a Debian machine for your porting efforts and you need "
2075 "to sign your upload locally for its acceptance in the archive, you can run "
2076 "<command>debsign</command> on your <filename>.changes</filename> file to "
2077 "have it signed conveniently, or use the remote signing mode of "
2078 "<command>dpkg-sig</command>."
2081 # type: Content of: <chapter><section><section><section><title>
2083 msgid "Recompilation or binary-only NMU"
2086 # type: Content of: <chapter><section><section><section><para>
2089 "Sometimes the initial porter upload is problematic because the environment "
2090 "in which the package was built was not good enough (outdated or obsolete "
2091 "library, bad compiler, ...). Then you may just need to recompile it in an "
2092 "updated environment. However, you have to bump the version number in this "
2093 "case, so that the old bad package can be replaced in the Debian archive "
2094 "(<command>katie</command> refuses to install new packages if they don't have "
2095 "a version number greater than the currently available one)."
2098 # type: Content of: <chapter><section><section><section><para>
2101 "You have to make sure that your binary-only NMU doesn't render the package "
2102 "uninstallable. This could happen when a source package generates "
2103 "arch-dependent and arch-independent packages that depend on each other via "
2104 "$(Source-Version)."
2107 # type: Content of: <chapter><section><section><section><para>
2110 "Despite the required modification of the changelog, these are called "
2111 "binary-only NMUs — there is no need in this case to trigger all other "
2112 "architectures to consider themselves out of date or requiring recompilation."
2115 # type: Content of: <chapter><section><section><section><para>
2118 "Such recompilations require special ``magic'' version numbering, so that the "
2119 "archive maintenance tools recognize that, even though there is a new Debian "
2120 "version, there is no corresponding source update. If you get this wrong, "
2121 "the archive maintainers will reject your upload (due to lack of "
2122 "corresponding source code)."
2125 # type: Content of: <chapter><section><section><section><para><footnote>
2128 "The ``magic'' for a recompilation-only NMU is triggered by using a suffix "
2129 "appended to the package version number, following the form b<number>. "
2130 "For instance, if the latest version you are recompiling against was version "
2131 "``2.9-3'', your NMU should carry a version of ``2.9-3+b1''. If the latest "
2132 "version was ``3.4+b1'' (i.e, a native package with a previous recompilation "
2133 "NMU), your NMU should have a version number of ``3.4+b2''. <footnote>"
2136 # type: Content of: <chapter><section><section><section><para><footnote><para>
2139 "In the past, such NMUs used the third-level number on the Debian part of the "
2140 "revision to denote their recompilation-only status; however, this syntax was "
2141 "ambiguous with native packages and did not allow proper ordering of "
2142 "recompile-only NMUs, source NMUs, and security NMUs on the same package, and "
2143 "has therefore been abandoned in favor of this new syntax."
2146 # type: Content of: <chapter><section><section><section><para>
2149 "Similar to initial porter uploads, the correct way of invoking "
2150 "<command>dpkg-buildpackage</command> is <literal>dpkg-buildpackage "
2151 "-B</literal> to only build the architecture-dependent parts of the package."
2154 # type: Content of: <chapter><section><section><section><title>
2156 msgid "When to do a source NMU if you are a porter"
2159 # type: Content of: <chapter><section><section><section><para>
2162 "Porters doing a source NMU generally follow the guidelines found in <xref "
2163 "linkend=\"nmu\"/> , just like non-porters. However, it is expected that the "
2164 "wait cycle for a porter's source NMU is smaller than for a non-porter, since "
2165 "porters have to cope with a large quantity of packages. Again, the "
2166 "situation varies depending on the distribution they are uploading to. It "
2167 "also varies whether the architecture is a candidate for inclusion into the "
2168 "next stable release; the release managers decide and announce which "
2169 "architectures are candidates."
2172 # type: Content of: <chapter><section><section><section><para>
2175 "If you are a porter doing an NMU for `unstable', the above guidelines for "
2176 "porting should be followed, with two variations. Firstly, the acceptable "
2177 "waiting period — the time between when the bug is submitted to the BTS and "
2178 "when it is OK to do an NMU — is seven days for porters working on the "
2179 "unstable distribution. This period can be shortened if the problem is "
2180 "critical and imposes hardship on the porting effort, at the discretion of "
2181 "the porter group. (Remember, none of this is Policy, just mutually agreed "
2182 "upon guidelines.) For uploads to stable or testing, please coordinate with "
2183 "the appropriate release team first."
2186 # type: Content of: <chapter><section><section><section><para>
2189 "Secondly, porters doing source NMUs should make sure that the bug they "
2190 "submit to the BTS should be of severity `serious' or greater. This ensures "
2191 "that a single source package can be used to compile every supported Debian "
2192 "architecture by release time. It is very important that we have one version "
2193 "of the binary and source package for all architecture in order to comply "
2194 "with many licenses."
2197 # type: Content of: <chapter><section><section><section><para>
2200 "Porters should try to avoid patches which simply kludge around bugs in the "
2201 "current version of the compile environment, kernel, or libc. Sometimes such "
2202 "kludges can't be helped. If you have to kludge around compiler bugs and the "
2203 "like, make sure you <literal>#ifdef</literal> your work properly; also, "
2204 "document your kludge so that people know to remove it once the external "
2205 "problems have been fixed."
2208 # type: Content of: <chapter><section><section><section><para>
2211 "Porters may also have an unofficial location where they can put the results "
2212 "of their work during the waiting period. This helps others running the port "
2213 "have the benefit of the porter's work, even during the waiting period. Of "
2214 "course, such locations have no official blessing or status, so buyer beware."
2217 # type: Content of: <chapter><section><section><title>
2219 msgid "Porting infrastructure and automation"
2222 # type: Content of: <chapter><section><section><para>
2225 "There is infrastructure and several tools to help automate package porting. "
2226 "This section contains a brief overview of this automation and porting to "
2227 "these tools; see the package documentation or references for full "
2231 # type: Content of: <chapter><section><section><section><title>
2233 msgid "Mailing lists and web pages"
2236 # type: Content of: <chapter><section><section><section><para>
2239 "Web pages containing the status of each port can be found at <ulink "
2240 "url=\"http://www.debian.org/ports/\"></ulink>."
2243 # type: Content of: <chapter><section><section><section><para>
2246 "Each port of Debian has a mailing list. The list of porting mailing lists "
2247 "can be found at <ulink url=\"http://lists.debian.org/ports.html\"></ulink>. "
2248 "These lists are used to coordinate porters, and to connect the users of a "
2249 "given port with the porters."
2252 # type: Content of: <chapter><section><section><section><title>
2254 msgid "Porter tools"
2257 # type: Content of: <chapter><section><section><section><para>
2260 "Descriptions of several porting tools can be found in <xref "
2261 "linkend=\"tools-porting\"/> ."
2264 # type: Content of: <chapter><section><section><section><para>
2267 "The <systemitem role=\"package\">buildd</systemitem> system is used as a "
2268 "distributed, client-server build distribution system. It is usually used in "
2269 "conjunction with <emphasis>auto-builders</emphasis>, which are ``slave'' "
2270 "hosts which simply check out and attempt to auto-build packages which need "
2271 "to be ported. There is also an email interface to the system, which allows "
2272 "porters to ``check out'' a source package (usually one which cannot yet be "
2273 "auto-built) and work on it."
2276 # type: Content of: <chapter><section><section><section><para>
2279 "<systemitem role=\"package\">buildd</systemitem> is not yet available as a "
2280 "package; however, most porting efforts are either using it currently or "
2281 "planning to use it in the near future. The actual automated builder is "
2282 "packaged as <systemitem role=\"package\">sbuild</systemitem>, see its "
2283 "description in <xref linkend=\"sbuild\"/> . The complete <systemitem "
2284 "role=\"package\">buildd</systemitem> system also collects a number of as yet "
2285 "unpackaged components which are currently very useful and in use "
2286 "continually, such as <command>andrea</command> and "
2287 "<command>wanna-build</command>."
2290 # type: Content of: <chapter><section><section><section><para>
2293 "Some of the data produced by <systemitem "
2294 "role=\"package\">buildd</systemitem> which is generally useful to porters is "
2295 "available on the web at <ulink url=\"http://buildd.debian.org/\"></ulink>. "
2296 "This data includes nightly updated information from "
2297 "<command>andrea</command> (source dependencies) and <systemitem "
2298 "role=\"package\">quinn-diff</systemitem> (packages needing recompilation)."
2301 # type: Content of: <chapter><section><section><section><para>
2304 "We are quite proud of this system, since it has so many possible uses. "
2305 "Independent development groups can use the system for different sub-flavors "
2306 "of Debian, which may or may not really be of general interest (for instance, "
2307 "a flavor of Debian built with <command>gcc</command> bounds checking). It "
2308 "will also enable Debian to recompile entire distributions quickly."
2311 # type: Content of: <chapter><section><section><section><para>
2314 "The buildds admins of each arch can be contacted at the mail address "
2315 "$arch@buildd.debian.org."
2318 # type: Content of: <chapter><section><section><title>
2320 msgid "When your package is <emphasis>not</emphasis> portable"
2323 # type: Content of: <chapter><section><section><para>
2326 "Some packages still have issues with building and/or working on some of the "
2327 "architectures supported by Debian, and cannot be ported at all, or not "
2328 "within a reasonable amount of time. An example is a package that is "
2329 "SVGA-specific (only i386), or uses other hardware-specific features not "
2330 "supported on all architectures."
2333 # type: Content of: <chapter><section><section><para>
2336 "In order to prevent broken packages from being uploaded to the archive, and "
2337 "wasting buildd time, you need to do a few things:"
2340 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2343 "First, make sure your package <emphasis>does</emphasis> fail to build on "
2344 "architectures that it cannot support. There are a few ways to achieve "
2345 "this. The preferred way is to have a small testsuite during build time that "
2346 "will test the functionality, and fail if it doesn't work. This is a good "
2347 "idea anyway, as this will prevent (some) broken uploads on all "
2348 "architectures, and also will allow the package to build as soon as the "
2349 "required functionality is available."
2352 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2355 "Additionally, if you believe the list of supported architectures is pretty "
2356 "constant, you should change 'any' to a list of supported architectures in "
2357 "debian/control. This way, the build will fail also, and indicate this to a "
2358 "human reader without actually trying."
2361 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2364 "In order to prevent autobuilders from needlessly trying to build your "
2365 "package, it must be included in <filename>packages-arch-specific</filename>, "
2366 "a list used by the <command>wanna-build</command> script. The current "
2367 "version is available as <ulink "
2368 "url=\"http://cvs.debian.org/srcdep/Packages-arch-specific?cvsroot=dak\"></ulink>; "
2369 "please see the top of the file for whom to contact for changes."
2372 # type: Content of: <chapter><section><section><para>
2375 "Please note that it is insufficient to only add your package to "
2376 "Packages-arch-specific without making it fail to build on unsupported "
2377 "architectures: A porter or any other person trying to build your package "
2378 "might accidently upload it without noticing it doesn't work. If in the past "
2379 "some binary packages were uploaded on unsupported architectures, request "
2380 "their removal by filing a bug against <systemitem "
2381 "role=\"package\">ftp.debian.org</systemitem>"
2384 # type: Content of: <chapter><section><title>
2386 msgid "Non-Maintainer Uploads (NMUs)"
2389 # type: Content of: <chapter><section><para>
2392 "Under certain circumstances it is necessary for someone other than the "
2393 "official package maintainer to make a release of a package. This is called "
2394 "a non-maintainer upload, or NMU."
2397 # type: Content of: <chapter><section><para>
2400 "This section handles only source NMUs, i.e. NMUs which upload a new version "
2401 "of the package. For binary-only NMUs by porters or QA members, please see "
2402 "<xref linkend=\"binary-only-nmu\"/> . If a buildd builds and uploads a "
2403 "package, that too is strictly speaking a binary NMU. See <xref "
2404 "linkend=\"buildd\"/> for some more information."
2407 # type: Content of: <chapter><section><para>
2410 "The main reason why NMUs are done is when a developer needs to fix another "
2411 "developer's package in order to address serious problems or crippling bugs "
2412 "or when the package maintainer is unable to release a fix in a timely "
2416 # type: Content of: <chapter><section><para>
2419 "First and foremost, it is critical that NMU patches to source should be as "
2420 "non-disruptive as possible. Do not do housekeeping tasks, do not change the "
2421 "name of modules or files, do not move directories; in general, do not fix "
2422 "things which are not broken. Keep the patch as small as possible. If "
2423 "things bother you aesthetically, talk to the Debian maintainer, talk to the "
2424 "upstream maintainer, or submit a bug. However, aesthetic changes must "
2425 "<emphasis>not</emphasis> be made in a non-maintainer upload."
2428 # type: Content of: <chapter><section><para>
2431 "And please remember the Hippocratic Oath: Above all, do no harm. It is "
2432 "better to leave a package with an open grave bug than applying a "
2433 "non-functional patch, or one that hides the bug instead of resolving it."
2436 # type: Content of: <chapter><section><section><title>
2438 msgid "How to do a NMU"
2441 # type: Content of: <chapter><section><section><para>
2444 "NMUs which fix important, serious or higher severity bugs are encouraged and "
2445 "accepted. You should endeavor to reach the current maintainer of the "
2446 "package; they might be just about to upload a fix for the problem, or have a "
2450 # type: Content of: <chapter><section><section><para>
2453 "NMUs should be made to assist a package's maintainer in resolving bugs. "
2454 "Maintainers should be thankful for that help, and NMUers should respect the "
2455 "decisions of maintainers, and try to personally help the maintainer by their "
2459 # type: Content of: <chapter><section><section><para>
2462 "A NMU should follow all conventions, written down in this section. For an "
2463 "upload to testing or unstable, this order of steps is recommended:"
2466 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2469 "Make sure that the package's bugs that the NMU is meant to address are all "
2470 "filed in the Debian Bug Tracking System (BTS). If they are not, submit them "
2474 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2477 "Wait a few days for the response from the maintainer. If you don't get any "
2478 "response, you may want to help them by sending the patch that fixes the "
2479 "bug. Don't forget to tag the bug with the patch keyword."
2482 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2485 "Wait a few more days. If you still haven't got an answer from the "
2486 "maintainer, send them a mail announcing your intent to NMU the package. "
2487 "Prepare an NMU as described in this section, and test it carefully on your "
2488 "machine (cf. <xref linkend=\"sanitycheck\"/> ). Double check that your "
2489 "patch doesn't have any unexpected side effects. Make sure your patch is as "
2490 "small and as non-disruptive as it can be."
2493 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2496 "Upload your package to incoming in <filename>DELAYED/7-day</filename> (cf. "
2497 "<xref linkend=\"delayed-incoming\"/> ), send the final patch to the "
2498 "maintainer via the BTS, and explain to them that they have 7 days to react "
2499 "if they want to cancel the NMU."
2502 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2505 "Follow what happens, you're responsible for any bug that you introduced with "
2506 "your NMU. You should probably use <xref linkend=\"pkg-tracking-system\"/> "
2507 "(PTS) to stay informed of the state of the package after your NMU."
2510 # type: Content of: <chapter><section><section><para>
2513 "At times, the release manager or an organized group of developers can "
2514 "announce a certain period of time in which the NMU rules are relaxed. This "
2515 "usually involves shortening the period during which one is to wait before "
2516 "uploading the fixes, and shortening the DELAYED period. It is important to "
2517 "notice that even in these so-called bug squashing party times, the NMU'er "
2518 "has to file bugs and contact the developer first, and act later. Please see "
2519 "<xref linkend=\"qa-bsp\"/> for details."
2522 # type: Content of: <chapter><section><section><para>
2525 "For the testing distribution, the rules may be changed by the release "
2526 "managers. Please take additional care, and acknowledge that the usual way "
2527 "for a package to enter testing is through unstable."
2530 # type: Content of: <chapter><section><section><para>
2533 "For the stable distribution, please take extra care. Of course, the release "
2534 "managers may also change the rules here. Please verify before you upload "
2535 "that all your changes are OK for inclusion into the next stable release by "
2536 "the release manager."
2539 # type: Content of: <chapter><section><section><para>
2542 "When a security bug is detected, the security team may do an NMU, using "
2543 "their own rules. Please refer to <xref linkend=\"bug-security\"/> for more "
2547 # type: Content of: <chapter><section><section><para>
2550 "For the differences for Porters NMUs, please see <xref "
2551 "linkend=\"source-nmu-when-porter\"/> ."
2554 # type: Content of: <chapter><section><section><para>
2557 "Of course, it is always possible to agree on special rules with a maintainer "
2558 "(like the maintainer asking please upload this fix directly for me, and no "
2562 # type: Content of: <chapter><section><section><title>
2564 msgid "NMU version numbering"
2567 # type: Content of: <chapter><section><section><para>
2570 "Whenever you have made a change to a package, no matter how trivial, the "
2571 "version number needs to change. This enables our packing system to "
2575 # type: Content of: <chapter><section><section><para>
2578 "If you are doing a non-maintainer upload (NMU), you should add a new minor "
2579 "version number to the <replaceable>debian-revision</replaceable> part of the "
2580 "version number (the portion after the last hyphen). This extra minor number "
2581 "will start at `1'. For example, consider the package `foo', which is at "
2582 "version 1.1-3. In the archive, the source package control file would be "
2583 "<filename>foo_1.1-3.dsc</filename>. The upstream version is `1.1' and the "
2584 "Debian revision is `3'. The next NMU would add a new minor number `.1' to "
2585 "the Debian revision; the new source control file would be "
2586 "<filename>foo_1.1-3.1.dsc</filename>."
2589 # type: Content of: <chapter><section><section><para>
2592 "The Debian revision minor number is needed to avoid stealing one of the "
2593 "package maintainer's version numbers, which might disrupt their work. It "
2594 "also has the benefit of making it visually clear that a package in the "
2595 "archive was not made by the official maintainer."
2598 # type: Content of: <chapter><section><section><para>
2601 "If there is no <replaceable>debian-revision</replaceable> component in the "
2602 "version number then one should be created, starting at `0.1' (but in case of "
2603 "a debian native package still upload it as native package). If it is "
2604 "absolutely necessary for someone other than the usual maintainer to make a "
2605 "release based on a new upstream version then the person making the release "
2606 "should start with the <replaceable>debian-revision</replaceable> value "
2607 "`0.1'. The usual maintainer of a package should start their "
2608 "<replaceable>debian-revision</replaceable> numbering at `1'."
2611 # type: Content of: <chapter><section><section><para>
2614 "If you upload a package to testing or stable, sometimes, you need to fork "
2615 "the version number tree. For this, version numbers like 1.1-3sarge0.1 could "
2619 # type: Content of: <chapter><section><section><title>
2621 msgid "Source NMUs must have a new changelog entry"
2624 # type: Content of: <chapter><section><section><para>
2627 "Anyone who is doing a source NMU must create a changelog entry, describing "
2628 "which bugs are fixed by the NMU, and generally why the NMU was required and "
2629 "what it fixed. The changelog entry will have the email address of the "
2630 "person who uploaded it in the log entry and the NMU version number in it."
2633 # type: Content of: <chapter><section><section><para>
2635 msgid "By convention, source NMU changelog entries start with the line"
2638 # type: Content of: <chapter><section><section><screen>
2641 msgid "* Non-maintainer upload"
2644 # type: Content of: <chapter><section><section><title>
2646 msgid "Source NMUs and the Bug Tracking System"
2649 # type: Content of: <chapter><section><section><para>
2652 "Maintainers other than the official package maintainer should make as few "
2653 "changes to the package as possible, and they should always send a patch as a "
2654 "unified context diff (<literal>diff -u</literal>) detailing their changes to "
2655 "the Bug Tracking System."
2658 # type: Content of: <chapter><section><section><para>
2661 "What if you are simply recompiling the package? If you just need to "
2662 "recompile it for a single architecture, then you may do a binary-only NMU as "
2663 "described in <xref linkend=\"binary-only-nmu\"/> which doesn't require any "
2664 "patch to be sent. If you want the package to be recompiled for all "
2665 "architectures, then you do a source NMU as usual and you will have to send a "
2669 # type: Content of: <chapter><section><section><para>
2672 "Bugs fixed by source NMUs used to be tagged fixed instead of closed, but "
2673 "since version tracking is in place, such bugs are now also closed with the "
2677 # type: Content of: <chapter><section><section><para>
2680 "Also, after doing an NMU, you have to send the information to the existing "
2681 "bugs that are fixed by your NMU, including the unified diff. Historically, "
2682 "it was custom to open a new bug and include a patch showing all the changes "
2683 "you have made. The normal maintainer will either apply the patch or employ "
2684 "an alternate method of fixing the problem. Sometimes bugs are fixed "
2685 "independently upstream, which is another good reason to back out an NMU's "
2686 "patch. If the maintainer decides not to apply the NMU's patch but to "
2687 "release a new version, the maintainer needs to ensure that the new upstream "
2688 "version really fixes each problem that was fixed in the non-maintainer "
2692 # type: Content of: <chapter><section><section><para>
2695 "In addition, the normal maintainer should <emphasis>always</emphasis> retain "
2696 "the entry in the changelog file documenting the non-maintainer upload -- and "
2697 "of course, also keep the changes. If you revert some of the changes, please "
2698 "reopen the relevant bug reports."
2701 # type: Content of: <chapter><section><section><title>
2703 msgid "Building source NMUs"
2706 # type: Content of: <chapter><section><section><para>
2709 "Source NMU packages are built normally. Pick a distribution using the same "
2710 "rules as found in <xref linkend=\"distribution\"/> , follow the other "
2711 "instructions in <xref linkend=\"upload\"/> ."
2714 # type: Content of: <chapter><section><section><para>
2717 "Make sure you do <emphasis>not</emphasis> change the value of the maintainer "
2718 "in the <filename>debian/control</filename> file. Your name as given in the "
2719 "NMU entry of the <filename>debian/changelog</filename> file will be used for "
2720 "signing the changes file."
2723 # type: Content of: <chapter><section><section><title>
2725 msgid "Acknowledging an NMU"
2728 # type: Content of: <chapter><section><section><para>
2731 "If one of your packages has been NMU'ed, you have to incorporate the changes "
2732 "in your copy of the sources. This is easy, you just have to apply the patch "
2733 "that has been sent to you. Once this is done, you have to close the bugs "
2734 "that have been tagged fixed by the NMU. The easiest way is to use the "
2735 "<literal>-v</literal> option of <command>dpkg-buildpackage</command>, as "
2736 "this allows you to include just all changes since your last maintainer "
2737 "upload. Alternatively, you can close them manually by sending the required "
2738 "mails to the BTS or by adding the required <literal>closes: #nnnn</literal> "
2739 "in the changelog entry of your next upload."
2742 # type: Content of: <chapter><section><section><para>
2745 "In any case, you should not be upset by the NMU. An NMU is not a personal "
2746 "attack against the maintainer. It is a proof that someone cares enough "
2747 "about the package that they were willing to help you in your work, so you "
2748 "should be thankful. You may also want to ask them if they would be "
2749 "interested in helping you on a more frequent basis as co-maintainer or "
2750 "backup maintainer (see <xref linkend=\"collaborative-maint\"/> )."
2753 # type: Content of: <chapter><section><section><title>
2755 msgid "NMU vs QA uploads"
2758 # type: Content of: <chapter><section><section><para>
2761 "Unless you know the maintainer is still active, it is wise to check the "
2762 "package to see if it has been orphaned. The current list of orphaned "
2763 "packages which haven't had their maintainer set correctly is available at "
2764 "<ulink url=\"http://qa.debian.org/orphaned.html\"></ulink>. If you perform "
2765 "an NMU on an improperly orphaned package, please set the maintainer to "
2766 "``Debian QA Group <packages@qa.debian.org>''."
2769 # type: Content of: <chapter><section><section><title>
2771 msgid "Who can do an NMU"
2774 # type: Content of: <chapter><section><section><para>
2777 "Only official, registered Debian Developers can do binary or source NMUs. A "
2778 "Debian Developer is someone who has their key in the Debian key ring. "
2779 "Non-developers, however, are encouraged to download the source package and "
2780 "start hacking on it to fix problems; however, rather than doing an NMU, they "
2781 "should just submit worthwhile patches to the Bug Tracking System. "
2782 "Maintainers almost always appreciate quality patches and bug reports."
2785 # type: Content of: <chapter><section><section><title>
2790 # type: Content of: <chapter><section><section><para>
2793 "There are two new terms used throughout this section: ``binary-only NMU'' "
2794 "and ``source NMU''. These terms are used with specific technical meaning "
2795 "throughout this document. Both binary-only and source NMUs are similar, "
2796 "since they involve an upload of a package by a developer who is not the "
2797 "official maintainer of that package. That is why it's a "
2798 "<emphasis>non-maintainer</emphasis> upload."
2801 # type: Content of: <chapter><section><section><para>
2804 "A source NMU is an upload of a package by a developer who is not the "
2805 "official maintainer, for the purposes of fixing a bug in the package. "
2806 "Source NMUs always involves changes to the source (even if it is just a "
2807 "change to <filename>debian/changelog</filename>). This can be either a "
2808 "change to the upstream source, or a change to the Debian bits of the "
2809 "source. Note, however, that source NMUs may also include "
2810 "architecture-dependent packages, as well as an updated Debian diff."
2813 # type: Content of: <chapter><section><section><para>
2816 "A binary-only NMU is a recompilation and upload of a binary package for a "
2817 "given architecture. As such, it is usually part of a porting effort. A "
2818 "binary-only NMU is a non-maintainer uploaded binary version of a package, "
2819 "with no source changes required. There are many cases where porters must "
2820 "fix problems in the source in order to get them to compile for their target "
2821 "architecture; that would be considered a source NMU rather than a "
2822 "binary-only NMU. As you can see, we don't distinguish in terminology "
2823 "between porter NMUs and non-porter NMUs."
2826 # type: Content of: <chapter><section><section><para>
2829 "Both classes of NMUs, source and binary-only, can be lumped under the term "
2830 "``NMU''. However, this often leads to confusion, since most people think "
2831 "``source NMU'' when they think ``NMU''. So it's best to be careful: always "
2832 "use ``binary NMU'' or ``binNMU'' for binary-only NMUs."
2835 # type: Content of: <chapter><section><title>
2837 msgid "Collaborative maintenance"
2840 # type: Content of: <chapter><section><para>
2843 "Collaborative maintenance is a term describing the sharing of Debian package "
2844 "maintenance duties by several people. This collaboration is almost always a "
2845 "good idea, since it generally results in higher quality and faster bug fix "
2846 "turnaround times. It is strongly recommended that packages with a priority "
2847 "of <literal>Standard</literal> or which are part of the base set have "
2851 # type: Content of: <chapter><section><para>
2854 "Generally there is a primary maintainer and one or more co-maintainers. The "
2855 "primary maintainer is the person whose name is listed in the "
2856 "<literal>Maintainer</literal> field of the "
2857 "<filename>debian/control</filename> file. Co-maintainers are all the other "
2861 # type: Content of: <chapter><section><para>
2864 "In its most basic form, the process of adding a new co-maintainer is quite "
2868 # type: Content of: <chapter><section><itemizedlist><listitem><para>
2871 "Setup the co-maintainer with access to the sources you build the package "
2872 "from. Generally this implies you are using a network-capable version "
2873 "control system, such as <command>CVS</command> or "
2874 "<command>Subversion</command>. Alioth (see <xref linkend=\"alioth\"/> ) "
2875 "provides such tools, amongst others."
2878 # type: Content of: <chapter><section><itemizedlist><listitem><para>
2881 "Add the co-maintainer's correct maintainer name and address to the "
2882 "<literal>Uploaders</literal> field in the global part of the "
2883 "<filename>debian/control</filename> file."
2886 # type: Content of: <chapter><section><itemizedlist><listitem><screen>
2889 msgid ": John Buzz <jbuzz@debian.org>, Adam Rex <arex@debian.org>"
2892 # type: Content of: <chapter><section><itemizedlist><listitem><para>
2895 "Using the PTS (<xref linkend=\"pkg-tracking-system\"/> ), the co-maintainers "
2896 "should subscribe themselves to the appropriate source package."
2899 # type: Content of: <chapter><section><para>
2902 "Another form of collaborative maintenance is team maintenance, which is "
2903 "recommended if you maintain several packages with the same group of "
2904 "developers. In that case, the Maintainer and Uploaders field of each "
2905 "package must be managed with care. It is recommended to choose between one "
2906 "of the two following schemes:"
2909 # type: Content of: <chapter><section><orderedlist><listitem><para>
2912 "Put the team member mainly responsible for the package in the Maintainer "
2913 "field. In the Uploaders, put the mailing list address, and the team members "
2914 "who care for the package."
2917 # type: Content of: <chapter><section><orderedlist><listitem><para>
2920 "Put the mailing list address in the Maintainer field. In the Uploaders "
2921 "field, put the team members who care for the package. In this case, you "
2922 "must make sure the mailing list accept bug reports without any human "
2923 "interaction (like moderation for non-subscribers)."
2926 # type: Content of: <chapter><section><para>
2929 "In any case, it is a bad idea to automatically put all team members in the "
2930 "Uploaders field. It clutters the Developer's Package Overview listing (see "
2931 "<xref linkend=\"ddpo\"/> ) with packages one doesn't really care for, and "
2932 "creates a false sense of good maintenance."
2935 # type: Content of: <chapter><section><title>
2937 msgid "The testing distribution"
2940 # type: Content of: <chapter><section><section><title>
2945 # type: Content of: <chapter><section><section><para>
2948 "Packages are usually installed into the `testing' distribution after they "
2949 "have undergone some degree of testing in unstable."
2952 # type: Content of: <chapter><section><section><para>
2955 "They must be in sync on all architectures and mustn't have dependencies that "
2956 "make them uninstallable; they also have to have generally no known "
2957 "release-critical bugs at the time they're installed into testing. This way, "
2958 "`testing' should always be close to being a release candidate. Please see "
2959 "below for details."
2962 # type: Content of: <chapter><section><section><title>
2964 msgid "Updates from unstable"
2967 # type: Content of: <chapter><section><section><para>
2970 "The scripts that update the <emphasis>testing</emphasis> distribution are "
2971 "run each day after the installation of the updated packages; these scripts "
2972 "are called <emphasis>britney</emphasis>. They generate the "
2973 "<filename>Packages</filename> files for the <emphasis>testing</emphasis> "
2974 "distribution, but they do so in an intelligent manner; they try to avoid any "
2975 "inconsistency and to use only non-buggy packages."
2978 # type: Content of: <chapter><section><section><para>
2981 "The inclusion of a package from <emphasis>unstable</emphasis> is conditional "
2985 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2988 "The package must have been available in <emphasis>unstable</emphasis> for 2, "
2989 "5 or 10 days, depending on the urgency (high, medium or low). Please note "
2990 "that the urgency is sticky, meaning that the highest urgency uploaded since "
2991 "the previous testing transition is taken into account. Those delays may be "
2992 "doubled during a freeze, or testing transitions may be switched off "
2996 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
2999 "It must have the same number or fewer release-critical bugs than the version "
3000 "currently available in <emphasis>testing</emphasis>;"
3003 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3006 "It must be available on all architectures on which it has previously been "
3007 "built in unstable. <xref linkend=\"madison\"/> may be of interest to check "
3011 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3014 "It must not break any dependency of a package which is already available in "
3015 "<emphasis>testing</emphasis>;"
3018 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3021 "The packages on which it depends must either be available in "
3022 "<emphasis>testing</emphasis> or they must be accepted into "
3023 "<emphasis>testing</emphasis> at the same time (and they will be if they "
3024 "fulfill all the necessary criteria);"
3027 # type: Content of: <chapter><section><section><para>
3030 "To find out whether a package is progressing into testing or not, see the "
3031 "testing script output on the <ulink "
3032 "url=\"http://www.debian.org/devel/testing\">web page of the testing "
3033 "distribution</ulink>, or use the program <command>grep-excuses</command> "
3034 "which is in the <systemitem role=\"package\">devscripts</systemitem> "
3035 "package. This utility can easily be used in a <citerefentry> "
3036 "<refentrytitle>crontab</refentrytitle> <manvolnum>5</manvolnum> "
3037 "</citerefentry> to keep yourself informed of the progression of your "
3038 "packages into <emphasis>testing</emphasis>."
3041 # type: Content of: <chapter><section><section><para>
3044 "The <filename>update_excuses</filename> file does not always give the "
3045 "precise reason why the package is refused; you may have to find it on your "
3046 "own by looking for what would break with the inclusion of the package. The "
3047 "<ulink url=\"http://www.debian.org/devel/testing\">testing web page</ulink> "
3048 "gives some more information about the usual problems which may be causing "
3052 # type: Content of: <chapter><section><section><para>
3055 "Sometimes, some packages never enter <emphasis>testing</emphasis> because "
3056 "the set of inter-relationship is too complicated and cannot be sorted out by "
3057 "the scripts. See below for details."
3060 # type: Content of: <chapter><section><section><para>
3063 "Some further dependency analysis is shown on <ulink "
3064 "url=\"http://bjorn.haxx.se/debian/\"></ulink> — but be warned, this page "
3065 "also shows build dependencies which are not considered by britney."
3068 # type: Content of: <chapter><section><section><section><title>
3073 # type: Content of: <chapter><section><section><section><para>
3076 "For the testing migration script, outdated means: There are different "
3077 "versions in unstable for the release architectures (except for the "
3078 "architectures in fuckedarches; fuckedarches is a list of architectures that "
3079 "don't keep up (in update_out.py), but currently, it's empty). outdated has "
3080 "nothing whatsoever to do with the architectures this package has in testing."
3083 # type: Content of: <chapter><section><section><section><para>
3085 msgid "Consider this example:"
3088 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3089 #: pkgs.dbk:2279 pkgs.dbk:2310
3093 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3094 #: pkgs.dbk:2280 pkgs.dbk:2311
3098 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3099 #: pkgs.dbk:2285 pkgs.dbk:2317 pkgs.dbk:2377
3103 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3104 #: pkgs.dbk:2286 pkgs.dbk:2291 pkgs.dbk:2318 pkgs.dbk:2319 pkgs.dbk:2326
3108 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3109 #: pkgs.dbk:2287 pkgs.dbk:2320 pkgs.dbk:2325
3113 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3114 #: pkgs.dbk:2290 pkgs.dbk:2323 pkgs.dbk:2378
3118 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3119 #: pkgs.dbk:2292 pkgs.dbk:2324
3123 # type: Content of: <chapter><section><section><section><para>
3126 "The package is out of date on alpha in unstable, and will not go to "
3127 "testing. And removing foo from testing would not help at all, the package "
3128 "is still out of date on alpha, and will not propagate to testing."
3131 # type: Content of: <chapter><section><section><section><para>
3133 msgid "However, if ftp-master removes a package in unstable (here on arm):"
3136 # type: Content of: <chapter><section><section><section><informaltable><tgroup><thead><row><entry>
3141 # type: Content of: <chapter><section><section><section><para>
3144 "In this case, the package is up to date on all release architectures in "
3145 "unstable (and the extra hurd-i386 doesn't matter, as it's not a release "
3149 # type: Content of: <chapter><section><section><section><para>
3152 "Sometimes, the question is raised if it is possible to allow packages in "
3153 "that are not yet built on all architectures: No. Just plainly no. (Except "
3154 "if you maintain glibc or so.)"
3157 # type: Content of: <chapter><section><section><section><title>
3159 msgid "Removals from testing"
3162 # type: Content of: <chapter><section><section><section><para>
3165 "Sometimes, a package is removed to allow another package in: This happens "
3166 "only to allow <emphasis>another</emphasis> package to go in if it's ready in "
3167 "every other sense. Suppose e.g. that <emphasis>a</emphasis> cannot be "
3168 "installed with the new version of <emphasis>b</emphasis>; then "
3169 "<emphasis>a</emphasis> may be removed to allow <emphasis>b</emphasis> in."
3172 # type: Content of: <chapter><section><section><section><para>
3175 "Of course, there is another reason to remove a package from testing: It's "
3176 "just too buggy (and having a single RC-bug is enough to be in this state)."
3179 # type: Content of: <chapter><section><section><section><para>
3182 "Furthermore, if a package has been removed from unstable, and no package in "
3183 "testing depends on it any more, then it will automatically be removed."
3186 # type: Content of: <chapter><section><section><section><title>
3188 msgid "circular dependencies"
3191 # type: Content of: <chapter><section><section><section><para>
3194 "A situation which is not handled very well by britney is if package "
3195 "<emphasis>a</emphasis> depends on the new version of package "
3196 "<emphasis>b</emphasis>, and vice versa."
3199 # type: Content of: <chapter><section><section><section><para>
3201 msgid "An example of this is:"
3204 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3209 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3211 msgid "1; depends: b=1"
3214 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3216 msgid "2; depends: b=2"
3219 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3224 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3226 msgid "1; depends: a=1"
3229 # type: Content of: <chapter><section><section><section><informaltable><tgroup><tbody><row><entry>
3231 msgid "2; depends: a=2"
3234 # type: Content of: <chapter><section><section><section><para>
3237 "Neither package <emphasis>a</emphasis> nor package <emphasis>b</emphasis> is "
3238 "considered for update."
3241 # type: Content of: <chapter><section><section><section><para>
3244 "Currently, this requires some manual hinting from the release team. Please "
3245 "contact them by sending mail to "
3246 "<email>debian-release@lists.debian.org</email> if this happens to one of "
3250 # type: Content of: <chapter><section><section><section><title>
3252 msgid "influence of package in testing"
3255 # type: Content of: <chapter><section><section><section><para>
3258 "Generally, there is nothing that the status of a package in testing means "
3259 "for transition of the next version from unstable to testing, with two "
3260 "exceptions: If the RC-bugginess of the package goes down, it may go in even "
3261 "if it is still RC-buggy. The second exception is if the version of the "
3262 "package in testing is out of sync on the different arches: Then any arch "
3263 "might just upgrade to the version of the source package; however, this can "
3264 "happen only if the package was previously forced through, the arch is in "
3265 "fuckedarches, or there was no binary package of that arch present in "
3266 "unstable at all during the testing migration."
3269 # type: Content of: <chapter><section><section><section><para>
3272 "In summary this means: The only influence that a package being in testing "
3273 "has on a new version of the same package is that the new version might go in "
3277 # type: Content of: <chapter><section><section><section><title>
3282 # type: Content of: <chapter><section><section><section><para>
3284 msgid "If you are interested in details, this is how britney works:"
3287 # type: Content of: <chapter><section><section><section><para>
3290 "The packages are looked at to determine whether they are valid candidates. "
3291 "This gives the update excuses. The most common reasons why a package is not "
3292 "considered are too young, RC-bugginess, and out of date on some arches. For "
3293 "this part of britney, the release managers have hammers of various sizes to "
3294 "force britney to consider a package. (Also, the base freeze is coded in "
3295 "that part of britney.) (There is a similar thing for binary-only updates, "
3296 "but this is not described here. If you're interested in that, please peruse "
3300 # type: Content of: <chapter><section><section><section><para>
3303 "Now, the more complex part happens: Britney tries to update testing with the "
3304 "valid candidates; first, each package alone, and then larger and even larger "
3305 "sets of packages together. Each try is accepted if testing is not more "
3306 "uninstallable after the update than before. (Before and after this part, "
3307 "some hints are processed; but as only release masters can hint, this is "
3308 "probably not so important for you.)"
3311 # type: Content of: <chapter><section><section><section><para>
3314 "If you want to see more details, you can look it up on "
3315 "merkel:/org/ftp.debian.org/testing/update_out/ (or there in "
3316 "~aba/testing/update_out to see a setup with a smaller packages file). Via "
3317 "web, it's at <ulink "
3318 "url=\"http://ftp-master.debian.org/testing/update_out_code/\"></ulink>"
3321 # type: Content of: <chapter><section><section><section><para>
3324 "The hints are available via <ulink "
3325 "url=\"http://ftp-master.debian.org/testing/hints/\"></ulink>."
3328 # type: Content of: <chapter><section><section><title>
3330 msgid "Direct updates to testing"
3333 # type: Content of: <chapter><section><section><para>
3336 "The testing distribution is fed with packages from unstable according to the "
3337 "rules explained above. However, in some cases, it is necessary to upload "
3338 "packages built only for testing. For that, you may want to upload to "
3339 "<emphasis>testing-proposed-updates</emphasis>."
3342 # type: Content of: <chapter><section><section><para>
3345 "Keep in mind that packages uploaded there are not automatically processed, "
3346 "they have to go through the hands of the release manager. So you'd better "
3347 "have a good reason to upload there. In order to know what a good reason is "
3348 "in the release managers' eyes, you should read the instructions that they "
3349 "regularly give on <email>debian-devel-announce@lists.debian.org</email>."
3352 # type: Content of: <chapter><section><section><para>
3355 "You should not upload to <emphasis>testing-proposed-updates</emphasis> when "
3356 "you can update your packages through <emphasis>unstable</emphasis>. If you "
3357 "can't (for example because you have a newer development version in "
3358 "unstable), you may use this facility, but it is recommended that you ask for "
3359 "authorization from the release manager first. Even if a package is frozen, "
3360 "updates through unstable are possible, if the upload via unstable does not "
3361 "pull in any new dependencies."
3364 # type: Content of: <chapter><section><section><para>
3367 "Version numbers are usually selected by adding the codename of the testing "
3368 "distribution and a running number, like 1.2sarge1 for the first upload "
3369 "through testing-proposed-updates of package version 1.2."
3372 # type: Content of: <chapter><section><section><para>
3374 msgid "Please make sure you didn't miss any of these items in your upload:"
3377 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3380 "Make sure that your package really needs to go through "
3381 "<emphasis>testing-proposed-updates</emphasis>, and can't go through "
3385 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3387 msgid "Make sure that you included only the minimal amount of changes;"
3390 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3392 msgid "Make sure that you included an appropriate explanation in the changelog;"
3395 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3398 "Make sure that you've written <emphasis>testing</emphasis> or "
3399 "<emphasis>testing-proposed-updates</emphasis> into your target distribution;"
3402 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3405 "Make sure that you've built and tested your package in "
3406 "<emphasis>testing</emphasis>, not in <emphasis>unstable</emphasis>;"
3409 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3412 "Make sure that your version number is higher than the version in "
3413 "<emphasis>testing</emphasis> and "
3414 "<emphasis>testing-proposed-updates</emphasis>, and lower than in "
3415 "<emphasis>unstable</emphasis>;"
3418 # type: Content of: <chapter><section><section><itemizedlist><listitem><para>
3421 "After uploading and successful build on all platforms, contact the release "
3422 "team at <email>debian-release@lists.debian.org</email> and ask them to "
3423 "approve your upload."
3426 # type: Content of: <chapter><section><section><title>
3428 msgid "Frequently asked questions"
3431 # type: Content of: <chapter><section><section><section><title>
3433 msgid "What are release-critical bugs, and how do they get counted?"
3436 # type: Content of: <chapter><section><section><section><para>
3439 "All bugs of some higher severities are by default considered "
3440 "release-critical; currently, these are critical, grave, and serious bugs."
3443 # type: Content of: <chapter><section><section><section><para>
3446 "Such bugs are presumed to have an impact on the chances that the package "
3447 "will be released with the stable release of Debian: in general, if a package "
3448 "has open release-critical bugs filed on it, it won't get into testing, and "
3449 "consequently won't be released in stable."
3452 # type: Content of: <chapter><section><section><section><para>
3455 "The unstable bug count are all release-critical bugs without either any "
3456 "release-tag (such as potato, woody) or with release-tag sid; also, only if "
3457 "they are neither fixed nor set to sarge-ignore. The testing bug count for a "
3458 "package is considered to be roughly the bug count of unstable count at the "
3459 "last point when the testing version equalled the unstable version."
3462 # type: Content of: <chapter><section><section><section><para>
3465 "This will change post-sarge, as soon as we have versions in the bug tracking "
3469 # type: Content of: <chapter><section><section><section><title>
3471 msgid "How could installing a package into testing possibly break other packages?"
3474 # type: Content of: <chapter><section><section><section><para>
3477 "The structure of the distribution archives is such that they can only "
3478 "contain one version of a package; a package is defined by its name. So when "
3479 "the source package acmefoo is installed into testing, along with its binary "
3480 "packages acme-foo-bin, acme-bar-bin, libacme-foo1 and libacme-foo-dev, the "
3481 "old version is removed."
3484 # type: Content of: <chapter><section><section><section><para>
3487 "However, the old version may have provided a binary package with an old "
3488 "soname of a library, such as libacme-foo0. Removing the old acmefoo will "
3489 "remove libacme-foo0, which will break any packages which depend on it."
3492 # type: Content of: <chapter><section><section><section><para>
3495 "Evidently, this mainly affects packages which provide changing sets of "
3496 "binary packages in different versions (in turn, mainly libraries). However, "
3497 "it will also affect packages upon which versioned dependencies have been "
3498 "declared of the ==, <=, or << varieties."
3501 # type: Content of: <chapter><section><section><section><para>
3504 "When the set of binary packages provided by a source package change in this "
3505 "way, all the packages that depended on the old binaries will have to be "
3506 "updated to depend on the new binaries instead. Because installing such a "
3507 "source package into testing breaks all the packages that depended on it in "
3508 "testing, some care has to be taken now: all the depending packages must be "
3509 "updated and ready to be installed themselves so that they won't be broken, "
3510 "and, once everything is ready, manual intervention by the release manager or "
3511 "an assistant is normally required."
3514 # type: Content of: <chapter><section><section><section><para>
3517 "If you are having problems with complicated groups of packages like this, "
3518 "contact debian-devel or debian-release for help."