update information about gpg and t-p-u uploads

[developers-reference.git] / developers-reference.sgml

diff --git a/developers-reference.sgml b/developers-reference.sgml
index 0745cc39a1b82cbd58d18d7e16fff50165de83f9..48cc70e006d3aecb60d4b9467a8dd9dd8e9966fe 100644 (file)
--- a/developers-reference.sgml
+++ b/developers-reference.sgml
@@ -6,7 +6,7 @@
   <!ENTITY % commondata  SYSTEM "common.ent" > %commondata;
 
   <!-- CVS revision of this document -->
   <!ENTITY % commondata  SYSTEM "common.ent" > %commondata;
 
   <!-- CVS revision of this document -->

-  <!ENTITY cvs-rev "$Revision: 1.243 $">
+  <!ENTITY cvs-rev "$Revision: 1.244 $">

 
   <!-- if you are translating this document, please notate the CVS
        revision of the original developer's reference in cvs-en-rev -->
 
   <!-- if you are translating this document, please notate the CVS
        revision of the original developer's reference in cvs-en-rev -->


@@ -289,6 +289,11 @@ public servers or multiuser machines, such as the Debian servers
 Read the documentation that comes with your software; read the <url
 id="&url-pgp-faq;" name="PGP FAQ">.
        <p>
 Read the documentation that comes with your software; read the <url
 id="&url-pgp-faq;" name="PGP FAQ">.
        <p>

+You need to ensure not only that your key is secure against being stolen,
+but also that it is secure against being lost. Generate and make a copy
+(best also in paper form) of your revocation certificate; this is needed if
+your key is lost.
+       <p>

 If you add signatures to your public key, or add user identities, you
 can update the Debian key ring by sending your key to the key server at
 <tt>&keyserver-host;</tt>.  If you need to add a completely new key,
 If you add signatures to your public key, or add user identities, you
 can update the Debian key ring by sending your key to the key server at
 <tt>&keyserver-host;</tt>.  If you need to add a completely new key,


@@ -3338,6 +3343,24 @@ does not pulls an new dependency in.
 Version numbers are usually selected by adding the codename of the testing
 distribution and a incrementing number, like 1.2sarge1 for the first upload
 through testing-proposed-updates of the package version 1.2.
 Version numbers are usually selected by adding the codename of the testing
 distribution and a incrementing number, like 1.2sarge1 for the first upload
 through testing-proposed-updates of the package version 1.2.

+       <p>
+Please make sure you didn't miss any of these items at your upload:
+<list>
+<item> Make sure that your package really needs to go through
+<em>testing-proposed-uploads</em>, and can't go through unstable;
+<item> Make sure that you included only the minimal amount of changes;
+<item> Make sure that you included an appropriate explaination in the
+changelog;
+<item> Make sure that you've written <em>testing</em> or
+<em>testing-proposed-updates</em> into your target distribution;
+<item> Make sure that you've build and tested your package in
+<em>testing</em>, not in <em>unstable</em>;
+<item> Make sure that your version number is higher than the version in
+<em>testing</em> and <em>testing-proposed-updates</em>, and lower than in
+<em>unstable</em>;
+<item> After uploading and successful build on all platforms, contact the
+release team at &email-debian-release; and ask them to approve your upload.
+</list>

 
 
        <sect1 id="faq">
 
 
        <sect1 id="faq">