header (don't use CC:, because that way the message's subject won't
indicate the bug number). If you are packaging so many new packages (>10)
that notifying the mailing list in seperate messages is too disruptive,
-do send a summary after filing the bugs to the debian-devel list instead.
+send a summary after filing the bugs to the debian-devel list instead.
This will inform the other developers about upcoming packages and will
allow a review of your description and package name.
</para>
<para>
-Please include a <literal>Closes:
-bug#<replaceable>nnnnn</replaceable></literal> entry in the changelog of the
-new package in order for the bug report to be automatically closed once the new
-package is installed in the archive (see <xref linkend="upload-bugfix"/> ).
+Please include a <literal>Closes: #<replaceable>nnnnn</replaceable></literal>
+entry in the changelog of the new package in order for the bug report to
+be automatically closed once the new package is installed in the archive
+(see <xref linkend="upload-bugfix"/>).
+</para>
+<para>
+If you think your package needs some explanations for the administrators of the
+NEW package queue, include them in your changelog, send to ftpmaster@debian.org
+a reply to the email you receive as a maintainer after your upload, or reply to
+the rejection email in case you are already re-uploading.
</para>
<para>
When closing security bugs include CVE numbers as well as the Closes: #nnnnn.
<listitem>
<para>
the (more common) packages where there's an original source tarball file
-accompanied by another file that contains the patches applied for Debian
+accompanied by another file that contains the changes made by Debian
</para>
</listitem>
</itemizedlist>
<para>
For the native packages, the source package includes a Debian source control
file (<literal>.dsc</literal>) and the source tarball
-(<literal>.tar.gz</literal>). A source package of a non-native package
+(<literal>.tar.{gz,bz2,lzma}</literal>). A source package of a non-native package
includes a Debian source control file, the original source tarball
-(<literal>.orig.tar.gz</literal>) and the Debian patches
-(<literal>.diff.gz</literal>).
+(<literal>.orig.tar.{gz,bz2,lzma}</literal>) and the Debian changes
+(<literal>.diff.gz</literal> for the source format “1.0” or
+<literal>.debian.tar.{gz,bz2,lzma}</literal> for the source format “3.0 (quilt)”).
</para>
<para>
-Whether a package is native or not is determined when it is built by
-<citerefentry> <refentrytitle>dpkg-buildpackage</refentrytitle>
-<manvolnum>1</manvolnum> </citerefentry>. The rest of this section relates
-only to non-native packages.
+With source format “1.0”, whether a package is native or not was determined
+by <command>dpkg-source</command> at build time. Nowadays it is recommended
+to be explicit about the desired source format by putting either “3.0 (quilt)”
+or “3.0 (native)” in <filename>debian/source/format</filename>.
+The rest of this section relates only to non-native packages.
</para>
<para>
The first time a version is uploaded which corresponds to a particular upstream
<para>
By default, <command>dpkg-genchanges</command> and
<command>dpkg-buildpackage</command> will include the original source tar file
-if and only if the Debian revision part of the source version number is 0 or 1,
-indicating a new upstream version. This behavior may be modified by using
+if and only if the current changelog entry has a different upstream version
+from the preceding entry. This behavior may be modified by using
<literal>-sa</literal> to always include it or <literal>-sd</literal> to always
leave it out.
</para>
</para>
<para>
Please notice that, in non-native packages, permissions on files that are not
-present in the .orig.tar.gz will not be preserved, as diff does not store file
-permissions in the patch.
+present in the .orig.tar.{gz,bz2} will not be preserved, as diff does not store file
+permissions in the patch. However when using source format “3.0 (quilt)”,
+permissions of files inside the <filename>debian</filename> directory are
+preserved since they are stored in a tar archive.
</para>
</section>
<title>Special case: uploads to the <literal>stable</literal> and
<literal>oldstable</literal> distributions</title>
<para>
-Uploading to <literal>stable</literal> means that the package will transfered
+Uploading to <literal>stable</literal> means that the package will transferred
to the <literal>proposed-updates-new</literal> queue for review by the stable
release managers, and if approved will be installed in
<filename>stable-proposed-updates</filename> directory of the Debian archive.
<title>Uploading to <literal>ftp-master</literal></title>
<para>
To upload a package, you should upload the files (including the signed changes
-and dsc-file) with anonymous ftp to <literal>&ftp-master-host;</literal> in
+and dsc-file) with anonymous ftp to <literal>&ftp-upload-host;</literal> in
the directory <ulink
-url="ftp://&ftp-master-host;&upload-queue;">&upload-queue;</ulink>.
+url="ftp://&ftp-upload-host;&upload-queue;">&upload-queue;</ulink>.
To get the files processed there, they need to be signed with a key in the
Debian Developers keyring or the Debian Maintainers keyring
(see <ulink url="&url-wiki-dm;"></ulink>).
automate the process of uploading packages into Debian.
</para>
<para>
-For removing packages, please see the README file in that ftp directory, and
+For removing packages, please see
+<ulink url="ftp://&ftp-upload-host;&upload-queue;/README"/> and
the Debian package <xref linkend="dcut"/> .
</para>
</section>
When the specified waiting time is over, the package is moved into
the regular incoming directory for processing.
This is done through automatic uploading to
-<literal>&ftp-master-host;</literal> in upload-directory
+<literal>&ftp-upload-host;</literal> in upload-directory
<literal>DELAYED/[012345678]-day</literal>. 0-day is uploaded
-multiple times per day to <literal>&ftp-master-host;</literal>.
+multiple times per day to <literal>&ftp-upload-host;</literal>.
</para>
<para>
With dput, you can use the <literal>--delayed <replaceable>DELAY</replaceable></literal>
<section id="s5.6.5">
<title>Other upload queues</title>
<para>
-The scp queues on <literal>&ftp-master-host;</literal>, and <literal>
-security.debian.org</literal> are mostly unusable due to the login restrictions
-on those hosts.
-</para>
-<para>
-The anonymous queues on ftp.uni-erlangen.de and ftp.uk.debian.org are currently
-down. Work is underway to resurrect them.
+There is an alternative upload queue in Europe at <ulink
+url="ftp://&ftp-eu-upload-host;&upload-queue;"/>. It operates in
+the same way as <literal>&ftp-upload-host;</literal>, but should be faster
+for European developers.
</para>
<para>
-The queues on master.debian.org, samosa.debian.org, master.debian.or.jp, and
-ftp.chiark.greenend.org.uk are down permanently, and will not be resurrected.
-The queue in Japan will be replaced with a new queue on hp.debian.or.jp some
-day.
+Packages can also be uploaded via ssh to
+<literal>&ssh-upload-host;</literal>; files should be put
+<literal>/srv/upload.debian.org/UploadQueue</literal>. This queue does
+not support <xref linkend="delayed-incoming">delayed uploads</xref>.
</para>
</section>
<para>
To alter the actual section that a package is put in, you need to first make
sure that the <filename>debian/control</filename> file in your package is
-accurate. Next, send an email &email-override; or submit a
+accurate. Next, submit a
bug against <systemitem role="package">ftp.debian.org</systemitem> requesting
that the section or priority for your package be changed from the old section
-or priority to the new one. Be sure to explain your reasoning.
+or priority to the new one. Use a Subject like
+<literal>override: PACKAGE1:section/priority, [...],
+ PACKAGEX:section/priority</literal>, and include the justification for the
+change in the body of the bug report.
</para>
<para>
For more information about <literal>override files</literal>, see
<title>The Security Tracker</title>
<para>
The security team maintains a central database, the
-<ulink url="http://security-tracker.debian.net/">Debian Security Tracker</ulink>.
+<ulink url="http://security-tracker.debian.org/">Debian Security Tracker</ulink>.
This contains all public information that is known about security issues:
which packages and versions are affected or fixed, and thus whether stable,
testing and/or unstable are vulnerable. Information that is still confidential
</para>
<para>
The Security Team has a PGP-key to enable encrypted communication about
-sensitive issues. See the <ulink url="http://www.debian.org/security/faq.en.html#contact">Security Team FAQ</ulink> for details.
+sensitive issues. See the <ulink url="http://www.debian.org/security/faq#contact">Security Team FAQ</ulink> for details.
</para>
</section>
<emphasis role="strong">Target the right distribution</emphasis>
in your <filename>debian/changelog</filename>.
For <literal>stable</literal> this is <literal>stable-security</literal> and
-for testing this is <literal>testing-security</literal>, and for the previous
+for <literal>testing</literal> this is <literal>testing-security</literal>, and for the previous
stable release, this is <literal>oldstable-security</literal>. Do not target
<replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
<literal>stable</literal>!
<listitem>
<para>
Be sure to use the <emphasis role="strong">exact same
-<filename>*.orig.tar.gz</filename></emphasis> as used in the
+<filename>*.orig.tar.{gz,bz2}</filename></emphasis> as used in the
normal archive, otherwise it is not possible to move the security fix into the
main archives later.
</para>
the package (see the <ulink
url="&url-debian-policy;">Debian Policy Manual</ulink> for
details). You must ensure that you include the
-<filename>.orig.tar.gz</filename> in your upload (even if you are not uploading
+<filename>.orig.tar.{gz,bz2}</filename> in your upload (even if you are not uploading
a new upstream version), or it will not appear in the new section together with
the rest of the package. If your new section is valid, it will be moved
automatically. If it does not, then contact the ftpmasters in order to
code has evolved into another package (e.g. <literal>libfoo12</literal> was
removed because <literal>libfoo13</literal> supersedes it) or closed if the
software is simply no longer part of Debian.
+When closing the bugs,
+to avoid marking the bugs as fixed in versions of the packages
+in previous Debian releases, they should be marked as fixed
+in the version <literal><most-recent-version-ever-in-Debian>+rm</literal>.
</para>
<section id="s5.9.2.1">
<title>Removing packages from <filename>Incoming</filename></title>
you wish to replace the upstream source tarball of your package, you will need
to upload it with a different version. An easy possibility is to replace
<filename>foo_1.00.orig.tar.gz</filename> with
-<filename>foo_1.00+0.orig.tar.gz</filename>. This restriction gives each file
-on the ftp site a unique name, which helps to ensure consistency across the
-mirror network.
+<filename>foo_1.00+0.orig.tar.gz</filename> or
+<filename>foo_1.00.orig.tar.bz2</filename>. This restriction gives each
+file on the ftp site a unique name, which helps to ensure consistency
+across the mirror network.
</para>
</section>
also enable Debian to recompile entire distributions quickly.
</para>
<para>
-The buildds admins of each arch can be contacted at the mail address
-<literal><replaceable>arch</replaceable>@buildd.debian.org</literal>.
+The wanna-build team, in charge of the buildds,
+can be reached at <literal>debian-wb-team@lists.debian.org</literal>.
+To determine who (wanna-build team, release team) and how (mail, BTS)
+to contact, refer to <ulink url="&url-wb-team;"></ulink>.
</para>
+
+<para>
+When requesting binNMUs or give-backs (retries after a failed build),
+please use the format described at <ulink url="&url-release-wb;"/>.
+</para>
+
</section>
</section>
In order to prevent autobuilders from needlessly trying to build your package,
it must be included in <filename>packages-arch-specific</filename>, a list used
by the <command>wanna-build</command> script. The current version is available
-as <ulink
-url="&url-cvsweb;srcdep/Packages-arch-specific?cvsroot=dak"></ulink>;
+as <ulink url="&url-buildd-p-a-s;"/>;
please see the top of the file for whom to contact for changes.
</para>
</listitem>
</screen>
<para>
-The version must be the version of the last maintainer upload, plus
+The way to version NMUs differs for native and non-native packages.
+</para>
+<para>
+If the package is a native package (without a debian revision in the version number),
+the version must be the version of the last maintainer upload, plus
<literal>+nmu<replaceable>X</replaceable></literal>, where
-<replaceable>X</replaceable> is a counter starting at <literal>1</literal>. If
+<replaceable>X</replaceable> is a counter starting at <literal>1</literal>.
+If
the last upload was also an NMU, the counter should be increased. For example,
-if the current version is <literal>1.5-1</literal>, then an NMU would get
-version <literal>1.5-1+nmu1</literal>. If the current version is
-<literal>1.5+nmu3</literal> (a native package which has already been NMUed), the
-NMU would get version <literal>1.5+nmu4</literal>. If a new upstream version
+if the current version is <literal>1.5</literal>, then an NMU would get
+version <literal>1.5+nmu1</literal>.
+</para>
+<para>
+If the package is a not a native package, you should add a minor version number
+to the debian revision part of the version number (the portion after the last
+hyphen). This extra number must start at 1. For example,
+if the current version is <literal>1.5-2</literal>, then an NMU would get
+version <literal>1.5-2.1</literal>. If a new upstream version
is packaged in the NMU, the debian revision is set to <literal>0</literal>, for
-example <literal>1.6-0+nmu1</literal>.
+example <literal>1.6-0.1</literal>.
+</para>
+<para>
+In both cases, if the last upload was also an NMU, the counter should
+be increased. For example, if the current version is
+<literal>1.5+nmu3</literal> (a native package which has already been
+NMUed), the NMU would get version <literal>1.5+nmu4</literal>. .
</para>
-
<para>
A special versioning scheme is needed to avoid disrupting the maintainer's
work, since using an integer for the Debian revision will potentially
</section>
+<section id="nmu-team-upload">
+<title>NMUs vs team uploads</title>
+
+<para>
+Sometimes you are fixing and/or updating a package because you are member of a
+packaging team (which uses a mailing list as Maintainer or Uploader, see <xref
+linkend="collaborative-maint"/>) but you don't want to add yourself to Uploaders
+because you do not plan to contribute regularly to this specific package. If it
+conforms with your team's policy, you can perform a normal upload without
+being listed directly as Maintainer or Uploader. In that case, you should
+start your changelog entry with the following line: <code> * Team upload.</code>.
+</para>
+
+</section>
+
</section>
<section id="collaborative-maint">
</para>
</listitem>
</orderedlist>
+
<para>
In any case, it is a bad idea to automatically put all team members in the
-Uploaders field. It clutters the Developer's Package Overview listing (see
+Uploaders field. It clutters the Developer's Package Overview listing (see
<xref linkend="ddpo"/> ) with packages one doesn't really care for, and creates
-a false sense of good maintenance.
+a false sense of good maintenance. For the same reason, team members do
+not need to add themselves to the Uploaders field just because they are
+uploading the package once, they can do a “Team upload” (see <xref
+linkend="nmu-team-upload"/>). Conversely, it it a bad idea to keep a
+package with only the mailing list address as a Maintainer and no
+Uploaders.
</para>
</section>
~ianmdlvl / developers-reference.git / blobdiff