</para>
<para>
Normally, a package should <emphasis>not</emphasis> be uploaded if it causes
-lintian to emit errors (they will start with <literal>E</literal>).
+<command>lintian</command> to emit errors (they will start with <literal>E</literal>).
</para>
<para>
For more information on <command>lintian</command>, see <xref
<para>
For the native packages, the source package includes a Debian source control
file (<filename>.dsc</filename>) and the source tarball
-(<filename>.tar.{gz,bz2,lzma}</filename>). A source package of a non-native package
+(<filename>.tar.{gz,bz2,xz}</filename>). A source package of a non-native package
includes a Debian source control file, the original source tarball
-(<filename>.orig.tar.{gz,bz2,lzma}</filename>) and the Debian changes
+(<filename>.orig.tar.{gz,bz2,xz}</filename>) and the Debian changes
(<filename>.diff.gz</filename> for the source format “1.0” or
-<filename>.debian.tar.{gz,bz2,lzma}</filename> for the source format “3.0 (quilt)”).
+<filename>.debian.tar.{gz,bz2,xz}</filename> for the source format “3.0 (quilt)”).
</para>
<para>
With source format “1.0”, whether a package is native or not was determined
</para>
<para>
Please notice that, in non-native packages, permissions on files that are not
-present in the <filename>*.orig.tar.{gz,bz2,lzma}</filename> will not be preserved, as diff does not store file
+present in the <filename>*.orig.tar.{gz,bz2,xz}</filename> will not be preserved, as diff does not store file
permissions in the patch. However when using source format “3.0 (quilt)”,
permissions of files inside the <filename>debian</filename> directory are
preserved since they are stored in a tar archive.
</para>
<para>
To ensure that your upload will be accepted, you should discuss the changes
-with the stable release team before you upload. For that, send a mail to
-the &email-debian-release; mailing list, including the patch you want to
+with the stable release team before you upload. For that, file a bug against
+the <systemitem role="package">release.debian.org</systemitem> pseudo-package
+using <command>reportbug</command>, including the patch you want to
apply to the package version currently in <literal>stable</literal>. Always
be verbose and detailed in your changelog entries for uploads to the
<literal>stable</literal> distribution.
the regular incoming directory for processing.
This is done through automatic uploading to
<literal>&ftp-upload-host;</literal> in upload-directory
-<literal>DELAYED/[012345678]-day</literal>. 0-day is uploaded
+<literal>DELAYED/<replaceable>X</replaceable>-day</literal>
+(<replaceable>X</replaceable> between 0 and 15). 0-day is uploaded
multiple times per day to <literal>&ftp-upload-host;</literal>.
</para>
<para>
<para>
The Debian archive maintainers are responsible for handling package uploads.
For the most part, uploads are automatically handled on a daily basis by the
-archive maintenance tools, <command>katie</command>. Specifically, updates to
-existing packages to the <literal>unstable</literal> distribution are handled
-automatically. In other cases, notably new packages, placing the uploaded
-package into the distribution is handled manually. When uploads are handled
-manually, the change to the archive may take up to a month to occur. Please
+archive maintenance tools, <command>dak process-upload</command>. Specifically,
+updates to existing packages to the <literal>unstable</literal> distribution are
+handled automatically. In other cases, notably new packages, placing the
+uploaded package into the distribution is handled manually. When uploads are
+handled manually, the change to the archive may take some time to occur. Please
be patient.
</para>
<para>
<para>
When you become aware of a security-related bug in a Debian package, whether or
not you are the maintainer, collect pertinent information about the problem,
-and promptly contact the security team at
-&email-security-team; as soon as possible. <emphasis
-role="strong">DO NOT UPLOAD</emphasis> any packages for <literal>stable</literal>
-without contacting the team. Useful information includes, for example:
+and promptly contact the security team, preferably by filing a ticket in
+their Request Tracker.
+See <ulink url="http://wiki.debian.org/rt.debian.org#Security_Team"></ulink>.
+Alternatively you may email &email-security-team;.
+<emphasis role="strong">DO NOT UPLOAD</emphasis> any packages for
+<literal>stable</literal> without contacting the team. Useful information
+includes, for example:
</para>
<itemizedlist>
<listitem>
<para>
+Whether or not the bug is already public.
+</para>
+</listitem>
+<listitem>
+<para>
Which versions of the package are known to be affected by the bug. Check each
version that is present in a supported Debian release, as well as
<literal>testing</literal> and <literal>unstable</literal>.
</listitem>
<listitem>
<para>
-Unless the upstream source has been uploaded to <literal>security.debian.org
-</literal> before (by a previous security update), build the upload <emphasis
-role="strong">with full upstream source</emphasis> (<literal>dpkg-buildpackage
--sa</literal>). If there has been a previous upload to
-<literal>security.debian.org</literal> with the same upstream version, you may
-upload without upstream source (<literal>dpkg-buildpackage -sd</literal>).
+Unless the upstream source has been uploaded to
+<literal>security.debian.org</literal> before (by a previous security update),
+build the upload <emphasis role="strong">with full upstream source</emphasis>
+(<literal>dpkg-buildpackage -sa</literal>). If there has been a previous
+upload to <literal>security.debian.org</literal> with the same upstream
+version, you may upload without upstream source (<literal>dpkg-buildpackage
+-sd</literal>).
</para>
</listitem>
<listitem>
<para>
Be sure to use the <emphasis role="strong">exact same
-<filename>*.orig.tar.{gz,bz2,lzma}</filename></emphasis> as used in the
+<filename>*.orig.tar.{gz,bz2,xz}</filename></emphasis> as used in the
normal archive, otherwise it is not possible to move the security fix into the
main archives later.
</para>
<title>Moving packages</title>
<para>
Sometimes a package will change its section. For instance, a package from the
-`non-free' section might be GPL'd in a later version, in which case the package
+<literal>non-free</literal> section might be GPL'd in a later version, in which case the package
should be moved to `main' or `contrib'.<footnote><para> See the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
guidelines on what section a package belongs in. </para> </footnote>
the package (see the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
details). You must ensure that you include the
-<filename>.orig.tar.{gz,bz2,lzma}</filename> in your upload (even if you are not uploading
+<filename>.orig.tar.{gz,bz2,xz}</filename> in your upload (even if you are not uploading
a new upstream version), or it will not appear in the new section together with
the rest of the package. If your new section is valid, it will be moved
automatically. If it does not, then contact the ftpmasters in order to
<para>
If for some reason you want to completely remove a package (say, if it is an
old compatibility library which is no longer required), you need to file a bug
-against <literal>ftp.debian.org</literal> asking that the package be removed;
+against <systemitem role="package">&ftp-debian-org;</systemitem> asking that the package be removed;
as all bugs, this bug should normally have normal severity.
The bug title should be in the form <literal>RM: <replaceable>package</replaceable>
<replaceable>[architecture list]</replaceable> --
<replaceable>[architecture list]</replaceable> is optional and only needed
if the removal request only applies to some architectures, not all. Note
that the <command>reportbug</command> will create a title conforming
-to these rules when you use it to report a bug against the
-<literal>ftp.debian.org</literal> pseudo-package.
+to these rules when you use it to report a bug against the
+<systemitem role="package">&ftp-debian-org;</systemitem> pseudo-package.
</para>
<para>
</para>
<para>
There is one exception when an explicit removal request is not necessary: If a
-(source or binary) package is an orphan, it will be removed semi-automatically.
-For a binary-package, this means if there is no longer any source package
-producing this binary package; if the binary package is just no longer produced
-on some architectures, a removal request is still necessary. For a
-source-package, this means that all binary packages it refers to have been
+(source or binary) package is no longer built from source, it will be removed
+semi-automatically. For a binary-package, this means if there is no longer any
+source package producing this binary package; if the binary package is just no
+longer produced on some architectures, a removal request is still necessary. For
+a source-package, this means that all binary packages it refers to have been
taken over by another source package.
</para>
<para>
should only add a <literal>Provides</literal> relation if all
packages depending on the obsolete package name continue to work
after the renaming. Once you've uploaded the package and the package
-has moved into the archive, file a bug against <literal>ftp.debian.org</literal>
+has moved into the archive, file a bug against <systemitem role="package">&ftp-debian-org;</systemitem>
asking to remove the package with the
obsolete name (see <xref linkend="removing-pkgs"/>). Do not forget
to properly reassign the package's bugs at the same time.
</para>
</section>
+<section id="non-free-buildd">
+<title>Marking non-free packages as auto-buildable</title>
+<para>
+By default packages from the <literal>non-free</literal> section are not built by the autobuilder
+network (mostly because the license of the packages could disapprove).
+To enable a package to be build you need to perform the following
+steps:
+</para>
+<orderedlist numeration="arabic">
+<listitem>
+<para>
+Check whether it is legally allowed and technically possible
+to auto-build the package;
+</para>
+</listitem>
+<listitem>
+<para>
+Add <literal>XS-Autobuild: yes</literal> into the header part
+of <filename>debian/control</filename>;
+</para>
+</listitem>
+<listitem>
+<para>
+Send an email to &email-nonfree-release; and explain why the
+package can legitimately and technically be auto-built.
+</para>
+</listitem>
+</orderedlist>
+</section>
</section>
<section id="nmu">
</para>
<para>
While preparing the patch, you should better be aware of any package-specific
-practices that the maintainer might be using. Taking them into account reduces
-the burden of getting your changes integrated back in the normal package
-workflow and thus increases the possibilities that that will happen. A good
+practices that the maintainer might be using. Taking them into account
+reduces the burden of integrating your changes into the normal package
+workflow and thus increases the chances that integration will happen. A good
place where to look for for possible package-specific practices is
<ulink url="&url-debian-policy;ch-source.html#s-readmesource"><filename>debian/README.source</filename></ulink>.
</para>
<itemizedlist>
<listitem>
<para>
+Upload fixing only release-critical bugs older than 7 days, with no maintainer activity on the bug for 7 days and no indication that a fix is in progress: 0 days
+</para>
+</listitem>
+<listitem>
+<para>
Upload fixing only release-critical bugs older than 7 days: 2 days
</para>
</listitem>
version <literal>1.5+nmu1</literal>.
</para>
<para>
-If the package is a not a native package, you should add a minor version number
+If the package is not a native package, you should add a minor version number
to the Debian revision part of the version number (the portion after the last
hyphen). This extra number must start at <literal>1</literal>. For example,
if the current version is <literal>1.5-2</literal>, then an NMU would get
a false sense of good maintenance. For the same reason, team members do
not need to add themselves to the <literal>Uploaders</literal> field just because they are
uploading the package once, they can do a “Team upload” (see <xref
-linkend="nmu-team-upload"/>). Conversely, it it a bad idea to keep a
+linkend="nmu-team-upload"/>). Conversely, it is a bad idea to keep a
package with only the mailing list address as a <literal>Maintainer</literal> and no
<literal>Uploaders</literal>.
</para>
</para>
<para>
Sometimes, some packages never enter <literal>testing</literal> because the
-set of inter-relationship is too complicated and cannot be sorted out by the
+set of interrelationship is too complicated and cannot be sorted out by the
scripts. See below for details.
</para>
<para>
before or after this main run, depending on the exact type.
</para>
<para>
-If you want to see more details, you can look it up on
-<filename>merkel:/org/&ftp-debian-org;/testing/update_out/</filename> (or
-in <filename>merkel:~aba/testing/update_out</filename> to see a setup with
-a smaller packages file). Via web, it's at <ulink
-url="http://&ftp-master-host;/testing/update_out_code/"></ulink>.
+If you want to see more details, you can look it up on <ulink
+url="http://&ftp-master-host;/testing/update_output/"></ulink>.
</para>
<para>
The hints are available via <ulink
~ianmdlvl / developers-reference.git / blobdiff