<listitem>
<para>
the (more common) packages where there's an original source tarball file
-accompanied by another file that contains the patches applied for Debian
+accompanied by another file that contains the changes made by Debian
</para>
</listitem>
</itemizedlist>
<para>
For the native packages, the source package includes a Debian source control
file (<literal>.dsc</literal>) and the source tarball
-(<literal>.tar.gz</literal>). A source package of a non-native package
+(<literal>.tar.{gz,bz2,lzma}</literal>). A source package of a non-native package
includes a Debian source control file, the original source tarball
-(<literal>.orig.tar.gz</literal>) and the Debian patches
-(<literal>.diff.gz</literal>).
+(<literal>.orig.tar.{gz,bz2,lzma}</literal>) and the Debian changes
+(<literal>.diff.gz</literal> for the source format “1.0” or
+<literal>.debian.tar.{gz,bz2,lzma}</literal> for the source format “3.0 (quilt)”).
</para>
<para>
-Whether a package is native or not is determined when it is built by
-<citerefentry> <refentrytitle>dpkg-buildpackage</refentrytitle>
-<manvolnum>1</manvolnum> </citerefentry>. The rest of this section relates
-only to non-native packages.
+With source format “1.0”, whether a package is native or not was determined
+by <command>dpkg-source</command> at build time. Nowadays it is recommended
+to be explicit about the desired source format by putting either “3.0 (quilt)”
+or “3.0 (native)” in <filename>debian/source/format</filename>.
+The rest of this section relates only to non-native packages.
</para>
<para>
The first time a version is uploaded which corresponds to a particular upstream
<para>
By default, <command>dpkg-genchanges</command> and
<command>dpkg-buildpackage</command> will include the original source tar file
-if and only if the Debian revision part of the source version number is 0 or 1,
-indicating a new upstream version. This behavior may be modified by using
+if and only if the current changelog entry has a different upstream version
+from the preceding entry. This behavior may be modified by using
<literal>-sa</literal> to always include it or <literal>-sd</literal> to always
leave it out.
</para>
</para>
<para>
Please notice that, in non-native packages, permissions on files that are not
-present in the .orig.tar.gz will not be preserved, as diff does not store file
-permissions in the patch.
+present in the .orig.tar.{gz,bz2} will not be preserved, as diff does not store file
+permissions in the patch. However when using source format “3.0 (quilt)”,
+permissions of files inside the <filename>debian</filename> directory are
+preserved since they are stored in a tar archive.
</para>
</section>
<title>Special case: uploads to the <literal>stable</literal> and
<literal>oldstable</literal> distributions</title>
<para>
-Uploading to <literal>stable</literal> means that the package will transfered
+Uploading to <literal>stable</literal> means that the package will transferred
to the <literal>proposed-updates-new</literal> queue for review by the stable
release managers, and if approved will be installed in
<filename>stable-proposed-updates</filename> directory of the Debian archive.
<title>Uploading to <literal>ftp-master</literal></title>
<para>
To upload a package, you should upload the files (including the signed changes
-and dsc-file) with anonymous ftp to <literal>&ftp-master-host;</literal> in
+and dsc-file) with anonymous ftp to <literal>&ftp-upload-host;</literal> in
the directory <ulink
-url="ftp://&ftp-master-host;&upload-queue;">&upload-queue;</ulink>.
+url="ftp://&ftp-upload-host;&upload-queue;">&upload-queue;</ulink>.
To get the files processed there, they need to be signed with a key in the
Debian Developers keyring or the Debian Maintainers keyring
(see <ulink url="&url-wiki-dm;"></ulink>).
automate the process of uploading packages into Debian.
</para>
<para>
-For removing packages, please see the README file in that ftp directory, and
+For removing packages, please see
+<ulink url="ftp://&ftp-upload-host;&upload-queue;/README"/> and
the Debian package <xref linkend="dcut"/> .
</para>
</section>
When the specified waiting time is over, the package is moved into
the regular incoming directory for processing.
This is done through automatic uploading to
-<literal>&ftp-master-host;</literal> in upload-directory
+<literal>&ftp-upload-host;</literal> in upload-directory
<literal>DELAYED/[012345678]-day</literal>. 0-day is uploaded
-multiple times per day to <literal>&ftp-master-host;</literal>.
+multiple times per day to <literal>&ftp-upload-host;</literal>.
</para>
<para>
With dput, you can use the <literal>--delayed <replaceable>DELAY</replaceable></literal>
<section id="s5.6.5">
<title>Other upload queues</title>
<para>
-The scp queues on <literal>&ftp-master-host;</literal>, and <literal>
-security.debian.org</literal> are mostly unusable due to the login restrictions
-on those hosts.
+There is an alternative upload queue in Europe at <ulink
+url="ftp://&ftp-eu-upload-host;&upload-queue;"/>. It operates in
+the same way as <literal>&ftp-upload-host;</literal>, but should be faster
+for European developers.
</para>
<para>
-The anonymous queues on ftp.uni-erlangen.de and ftp.uk.debian.org are currently
-down. Work is underway to resurrect them.
-</para>
-<para>
-The queues on master.debian.org, samosa.debian.org, master.debian.or.jp, and
-ftp.chiark.greenend.org.uk are down permanently, and will not be resurrected.
+Packages can also be uploaded via ssh to
+<literal>&ssh-upload-host;</literal>; files should be put
+<literal>/srv/upload.debian.org/UploadQueue</literal>. This queue does
+not support <xref linkend="delayed-incoming">delayed uploads</xref>.
</para>
</section>
<title>The Security Tracker</title>
<para>
The security team maintains a central database, the
-<ulink url="http://security-tracker.debian.net/">Debian Security Tracker</ulink>.
+<ulink url="http://security-tracker.debian.org/">Debian Security Tracker</ulink>.
This contains all public information that is known about security issues:
which packages and versions are affected or fixed, and thus whether stable,
testing and/or unstable are vulnerable. Information that is still confidential
</para>
<para>
The Security Team has a PGP-key to enable encrypted communication about
-sensitive issues. See the <ulink url="http://www.debian.org/security/faq.en.html#contact">Security Team FAQ</ulink> for details.
+sensitive issues. See the <ulink url="http://www.debian.org/security/faq#contact">Security Team FAQ</ulink> for details.
</para>
</section>
<emphasis role="strong">Target the right distribution</emphasis>
in your <filename>debian/changelog</filename>.
For <literal>stable</literal> this is <literal>stable-security</literal> and
-for testing this is <literal>testing-security</literal>, and for the previous
+for <literal>testing</literal> this is <literal>testing-security</literal>, and for the previous
stable release, this is <literal>oldstable-security</literal>. Do not target
<replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
<literal>stable</literal>!
<listitem>
<para>
Be sure to use the <emphasis role="strong">exact same
-<filename>*.orig.tar.gz</filename></emphasis> as used in the
+<filename>*.orig.tar.{gz,bz2}</filename></emphasis> as used in the
normal archive, otherwise it is not possible to move the security fix into the
main archives later.
</para>
the package (see the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
details). You must ensure that you include the
-<filename>.orig.tar.gz</filename> in your upload (even if you are not uploading
+<filename>.orig.tar.{gz,bz2}</filename> in your upload (even if you are not uploading
a new upstream version), or it will not appear in the new section together with
the rest of the package. If your new section is valid, it will be moved
automatically. If it does not, then contact the ftpmasters in order to
you wish to replace the upstream source tarball of your package, you will need
to upload it with a different version. An easy possibility is to replace
<filename>foo_1.00.orig.tar.gz</filename> with
-<filename>foo_1.00+0.orig.tar.gz</filename>. This restriction gives each file
-on the ftp site a unique name, which helps to ensure consistency across the
-mirror network.
+<filename>foo_1.00+0.orig.tar.gz</filename> or
+<filename>foo_1.00.orig.tar.bz2</filename>. This restriction gives each
+file on the ftp site a unique name, which helps to ensure consistency
+across the mirror network.
</para>
</section>
In order to prevent autobuilders from needlessly trying to build your package,
it must be included in <filename>packages-arch-specific</filename>, a list used
by the <command>wanna-build</command> script. The current version is available
-as <ulink
-url="&url-cvsweb;srcdep/Packages-arch-specific?cvsroot=dak"></ulink>;
+as <ulink url="&url-buildd-p-a-s;"/>;
please see the top of the file for whom to contact for changes.
</para>
</listitem>
~ianmdlvl / developers-reference.git / blobdiff