X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=developers-reference.git;a=blobdiff_plain;f=beyond-pkging.dbk;h=88056fcc425d5ac440d48057888cd9eff7d257ec;hp=b6d423ec03d3683aa63ff4e0f61871152d2e9069;hb=f7c28267a332a4043fa6f1e8149b4fd98ec26da9;hpb=3b55509ebbb3a9d1243f2d624f72b9da559bb416 diff --git a/beyond-pkging.dbk b/beyond-pkging.dbk index b6d423e..88056fc 100644 --- a/beyond-pkging.dbk +++ b/beyond-pkging.dbk @@ -40,7 +40,7 @@ generally ease the process. Make sure the bug is not already filed against a package. Each package has a bug list easily reachable at -http://&bugs-host;/packagename +http://&bugs-host;/packagename. Utilities like querybts 1 can also provide you with this information (and reportbug will usually invoke @@ -337,8 +337,8 @@ Debian Developers can sponsor packages. Debian Maintainers can't. The process of sponsoring a package is: -The maintainer prepares a source package (.dsc) and puts it online -somewhere (like on mentors.debian.net). Or even better, she provides +The maintainer prepares a source package (.dsc) and puts it online +somewhere (like on mentors.debian.net) or even better, provides a link to a public VCS repository (see ) where the package is maintained. @@ -357,7 +357,7 @@ package, signs it, and uploads it to Debian. -But before delving in the details of how to sponsor a package, you should +Before delving in the details of how to sponsor a package, you should ask yourself whether adding the proposed package is beneficial to Debian. @@ -365,7 +365,7 @@ There's no simple rule to answer this question, it can depend on many factors: is the upstream codebase mature and not full of security holes? Are there pre-existing packages that can do the same task and how do they compare to this new package? Has the new package been requested by users -and how large is the userbase? How active are the upstream developers? +and how large is the user base? How active are the upstream developers? You should also ensure that the prospective maintainer is going @@ -406,8 +406,8 @@ it's also not enough. The rest of this section contains a non-exhaustive list of points to check in your review. -You can find more checks in the wiki: several developers share their own -sponsorship checklists at . +You can find more checks in the wiki where several developers share their own +sponsorship checklists. @@ -418,19 +418,19 @@ distributed by the upstream author (when the sources are repackaged for Debian, generate the modified tarball yourself). -Run lintian (see ). It will catch many common -problems. Be sure to verify that any lintian overrides setup by the +Run lintian (see ). It will catch many common +problems. Be sure to verify that any lintian overrides setup by the maintainer is fully justified. -Run licensecheck (part of ) and verify that +Run licensecheck (part of ) and verify that debian/copyright seems correct and complete. Look for license problems (like files with “All rights reserved” headers, or with a non-DFSG compliant license). grep -ri is your friend for this task. -Build the package with pbuilder (or any similar tool, see Build the package with pbuilder (or any similar tool, see ) to ensure that the build-dependencies are complete. @@ -445,14 +445,16 @@ best practices (see )? Do you see some possible improvements? -Proofread the maintainer scripts (preinst, postinst, prerm, postrm, -config): will the preinst/postrm work when the dependencies are not +Proofread the maintainer scripts (preinst, +postinst, prerm, +postrm, config): will the +preinst/postrm work when the dependencies are not installed? Are all the scripts idempotent (i.e. can you run them multiple times without consequences)? -Review any change to upstream files (either in .diff.gz, or in -debian/patches/ or directly embedded in the debian +Review any change to upstream files (either in .diff.gz, or in +debian/patches/ or directly embedded in the debian tarball for binary files). Are they justified? Are they properly documented (with DEP-3 for patches)? @@ -464,30 +466,30 @@ linkend="best-pkging-practices"/>)? Build the packages, install them and try the software. Ensure you can -remove and purge the packages. Maybe test them with piuparts. +remove and purge the packages. Maybe test them with piuparts. If the audit did not reveal any problem, you can build the package and -upload it to Debian. But remember that even if you're not the maintainer, +upload it to Debian. Remember that even if you're not the maintainer, the sponsor is still responsible of what he uploaded to Debian. That's why you're encouraged to keep up with the package through the . -Note that you should not need to modifiy the source package to put your name -in the changelog or in the control file. The Maintainer +Note that you should not need to modify the source package to put your name +in the changelog or in the control file. The Maintainer field of the control file and the changelog should list the person who did the packaging, i.e. the sponsoree. That way she will get all the BTS mail. -Instead you should instruct dpkg-buildpackage to use your key for -the signature. You do that with the -k option: +Instead you should instruct dpkg-buildpackage to use your key for +the signature. You do that with the -k option: dpkg-buildpackage -kKEY-ID -If you use debuild and debsign, you can even configure it permanently +If you use debuild and debsign, you can even configure it permanently in ~/.devscripts: DEBSIGN_KEYID=KEY-ID @@ -514,13 +516,13 @@ and rebuild it (or download the current binary packages with Read the new changelog entry, it should tell you what to expect during the review. The main tool you will use is debdiff (provide by -the devscripts package), you can run it with two source packages (.dsc -files), or two binary packages, or two .changes files (it will then -compare all the binary packages listed in the .changes). +the devscripts package), you can run it with two source packages (.dsc +files), or two binary packages, or two .changes files (it will then +compare all the binary packages listed in the .changes). If you compare the source packages (excluding upstream files in the case -of a new upstream version, for example by filtering the output of debdiff +of a new upstream version, for example by filtering the output of debdiff with filterdiff -i '*/debian/*'), you must understand all the changes you see and they should be properly documented in the Debian changelog. @@ -538,9 +540,9 @@ maintainer has not missed something important. Maybe there are translations updates sitting in the BTS that could have been integrated. Maybe the package has been NMUed and the maintainer forgot to integrate the changes from the NMU in his package. Maybe there's a release critical bug that he has left -unhandled and that's blocking migration to testing. Whatever. If you find +unhandled and that's blocking migration to testing. Whatever. If you find something that she could have done (better), it's time to tell her so that -she can improve for next time. And so that she has a better understanding +she can improve for next time, and so that she has a better understanding of her responsibilities.