X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=developers-reference.git;a=blobdiff_plain;f=pkgs.dbk;h=baec071708b82f55b5f4c7439f430c6c0593d5ca;hp=e9b058a3e2486f6fa535671aedb3705c08bfad3c;hb=39be11fbe9478b9a5d6fb527f78d54a053b6e7bb;hpb=7f2b8064fcbddda5c452be1a1be04723ebd42e1a
diff --git a/pkgs.dbk b/pkgs.dbk
index e9b058a..baec071 100644
--- a/pkgs.dbk
+++ b/pkgs.dbk
@@ -37,15 +37,21 @@ Please send a copy to &email-debian-devel; by using the X-Debbugs-CC
header (don't use CC:, because that way the message's subject won't
indicate the bug number). If you are packaging so many new packages (>10)
that notifying the mailing list in seperate messages is too disruptive,
-do send a summary after filing the bugs to the debian-devel list instead.
+send a summary after filing the bugs to the debian-devel list instead.
This will inform the other developers about upcoming packages and will
allow a review of your description and package name.
-Please include a Closes:
-bug#nnnnn entry in the changelog of the
-new package in order for the bug report to be automatically closed once the new
-package is installed in the archive (see ).
+Please include a Closes: #nnnnn
+entry in the changelog of the new package in order for the bug report to
+be automatically closed once the new package is installed in the archive
+(see ).
+
+
+If you think your package needs some explanations for the administrators of the
+NEW package queue, include them in your changelog, send to ftpmaster@debian.org
+a reply to the email you receive as a maintainer after your upload, or reply to
+the rejection email in case you are already re-uploading.
When closing security bugs include CVE numbers as well as the Closes: #nnnnn.
@@ -217,23 +223,25 @@ distinction between the original sources and the patches applied for Debian
the (more common) packages where there's an original source tarball file
-accompanied by another file that contains the patches applied for Debian
+accompanied by another file that contains the changes made by Debian
For the native packages, the source package includes a Debian source control
file (.dsc) and the source tarball
-(.tar.gz). A source package of a non-native package
+(.tar.{gz,bz2,lzma}). A source package of a non-native package
includes a Debian source control file, the original source tarball
-(.orig.tar.gz) and the Debian patches
-(.diff.gz).
+(.orig.tar.{gz,bz2,lzma}) and the Debian changes
+(.diff.gz for the source format â1.0â or
+.debian.tar.{gz,bz2,lzma} for the source format â3.0 (quilt)â).
-Whether a package is native or not is determined when it is built by
- dpkg-buildpackage
-1 . The rest of this section relates
-only to non-native packages.
+With source format â1.0â, whether a package is native or not was determined
+by dpkg-source at build time. Nowadays it is recommended
+to be explicit about the desired source format by putting either â3.0 (quilt)â
+or â3.0 (native)â in debian/source/format.
+The rest of this section relates only to non-native packages.
The first time a version is uploaded which corresponds to a particular upstream
@@ -245,8 +253,8 @@ will not need to be re-uploaded.
By default, dpkg-genchanges and
dpkg-buildpackage will include the original source tar file
-if and only if the Debian revision part of the source version number is 0 or 1,
-indicating a new upstream version. This behavior may be modified by using
+if and only if the current changelog entry has a different upstream version
+from the preceding entry. This behavior may be modified by using
-sa to always include it or -sd to always
leave it out.
@@ -259,8 +267,10 @@ the archive.
Please notice that, in non-native packages, permissions on files that are not
-present in the .orig.tar.gz will not be preserved, as diff does not store file
-permissions in the patch.
+present in the .orig.tar.{gz,bz2} will not be preserved, as diff does not store file
+permissions in the patch. However when using source format â3.0 (quilt)â,
+permissions of files inside the debian directory are
+preserved since they are stored in a tar archive.
@@ -291,7 +301,7 @@ time.
Special case: uploads to the <literal>stable</literal> and
<literal>oldstable</literal> distributions
-Uploading to stable means that the package will transfered
+Uploading to stable means that the package will transferred
to the proposed-updates-new queue for review by the stable
release managers, and if approved will be installed in
stable-proposed-updates directory of the Debian archive.
@@ -376,9 +386,9 @@ section for details.
Uploading to <literal>ftp-master</literal>
To upload a package, you should upload the files (including the signed changes
-and dsc-file) with anonymous ftp to &ftp-master-host; in
+and dsc-file) with anonymous ftp to &ftp-upload-host; in
the directory &upload-queue;.
+url="ftp://&ftp-upload-host;&upload-queue;">&upload-queue;.
To get the files processed there, they need to be signed with a key in the
Debian Developers keyring or the Debian Maintainers keyring
(see ).
@@ -394,7 +404,8 @@ linkend="dput"/> useful when uploading packages. These handy programs help
automate the process of uploading packages into Debian.
-For removing packages, please see the README file in that ftp directory, and
+For removing packages, please see
+ and
the Debian package .
@@ -416,9 +427,9 @@ the deferred uploads queue".
When the specified waiting time is over, the package is moved into
the regular incoming directory for processing.
This is done through automatic uploading to
-&ftp-master-host; in upload-directory
+&ftp-upload-host; in upload-directory
DELAYED/[012345678]-day. 0-day is uploaded
-multiple times per day to &ftp-master-host;.
+multiple times per day to &ftp-upload-host;.
With dput, you can use the --delayed DELAY
@@ -441,19 +452,16 @@ see section .
Other upload queues
-The scp queues on &ftp-master-host;, and
-security.debian.org are mostly unusable due to the login restrictions
-on those hosts.
-
-
-The anonymous queues on ftp.uni-erlangen.de and ftp.uk.debian.org are currently
-down. Work is underway to resurrect them.
+There is an alternative upload queue in Europe at . It operates in
+the same way as &ftp-upload-host;, but should be faster
+for European developers.
-The queues on master.debian.org, samosa.debian.org, master.debian.or.jp, and
-ftp.chiark.greenend.org.uk are down permanently, and will not be resurrected.
-The queue in Japan will be replaced with a new queue on hp.debian.or.jp some
-day.
+Packages can also be uploaded via ssh to
+&ssh-upload-host;; files should be put
+/srv/upload.debian.org/UploadQueue. This queue does
+not support delayed uploads.
@@ -511,10 +519,13 @@ file.
To alter the actual section that a package is put in, you need to first make
sure that the debian/control file in your package is
-accurate. Next, send an email &email-override; or submit a
+accurate. Next, submit a
bug against ftp.debian.org requesting
that the section or priority for your package be changed from the old section
-or priority to the new one. Be sure to explain your reasoning.
+or priority to the new one. Use a Subject like
+override: PACKAGE1:section/priority, [...],
+ PACKAGEX:section/priority, and include the justification for the
+change in the body of the bug report.
For more information about override files, see
@@ -877,7 +888,7 @@ below on how to prepare packages for the Security Team to handle.
The Security Tracker
The security team maintains a central database, the
-Debian Security Tracker.
+Debian Security Tracker.
This contains all public information that is known about security issues:
which packages and versions are affected or fixed, and thus whether stable,
testing and/or unstable are vulnerable. Information that is still confidential
@@ -962,7 +973,7 @@ has become public.
The Security Team has a PGP-key to enable encrypted communication about
-sensitive issues. See the Security Team FAQ for details.
+sensitive issues. See the Security Team FAQ for details.
@@ -1103,7 +1114,7 @@ Be sure to verify the following items:
Target the right distribution
in your debian/changelog.
For stable this is stable-security and
-for testing this is testing-security, and for the previous
+for testing this is testing-security, and for the previous
stable release, this is oldstable-security. Do not target
distribution-proposed-updates or
stable!
@@ -1151,7 +1162,7 @@ upload without upstream source ( dpkg-buildpackage -sd).
Be sure to use the exact same
-*.orig.tar.gz as used in the
+*.orig.tar.{gz,bz2} as used in the
normal archive, otherwise it is not possible to move the security fix into the
main archives later.
@@ -1237,7 +1248,7 @@ control information to place the package in the desired section, and re-upload
the package (see the Debian Policy Manual for
details). You must ensure that you include the
-.orig.tar.gz in your upload (even if you are not uploading
+.orig.tar.{gz,bz2} in your upload (even if you are not uploading
a new upstream version), or it will not appear in the new section together with
the rest of the package. If your new section is valid, it will be moved
automatically. If it does not, then contact the ftpmasters in order to
@@ -1338,6 +1349,10 @@ should either be reassigned to another package in the case where the actual
code has evolved into another package (e.g. libfoo12 was
removed because libfoo13 supersedes it) or closed if the
software is simply no longer part of Debian.
+When closing the bugs,
+to avoid marking the bugs as fixed in versions of the packages
+in previous Debian releases, they should be marked as fixed
+in the version <most-recent-version-ever-in-Debian>+rm.
Removing packages from <filename>Incoming</filename>
@@ -1382,9 +1397,10 @@ Note that this applies to each part of your package, including the sources: if
you wish to replace the upstream source tarball of your package, you will need
to upload it with a different version. An easy possibility is to replace
foo_1.00.orig.tar.gz with
-foo_1.00+0.orig.tar.gz. This restriction gives each file
-on the ftp site a unique name, which helps to ensure consistency across the
-mirror network.
+foo_1.00+0.orig.tar.gz or
+foo_1.00.orig.tar.bz2. This restriction gives each
+file on the ftp site a unique name, which helps to ensure consistency
+across the mirror network.
@@ -1781,9 +1797,17 @@ flavor of Debian built with gcc bounds checking). It will
also enable Debian to recompile entire distributions quickly.
-The buildds admins of each arch can be contacted at the mail address
-arch@buildd.debian.org.
+The wanna-build team, in charge of the buildds,
+can be reached at debian-wb-team@lists.debian.org.
+To determine who (wanna-build team, release team) and how (mail, BTS)
+to contact, refer to .
+
+
+When requesting binNMUs or give-backs (retries after a failed build),
+please use the format described at .
+
+
@@ -1823,8 +1847,7 @@ fail also, and indicate this to a human reader without actually trying.
In order to prevent autobuilders from needlessly trying to build your package,
it must be included in packages-arch-specific, a list used
by the wanna-build script. The current version is available
-as ;
+as ;
please see the top of the file for whom to contact for changes.
@@ -1983,18 +2006,33 @@ upload. The first line of this entry must explicitely mention that this upload
-The version must be the version of the last maintainer upload, plus
+The way to version NMUs differs for native and non-native packages.
+
+
+If the package is a native package (without a debian revision in the version number),
+the version must be the version of the last maintainer upload, plus
+nmuX, where
-X is a counter starting at 1. If
+X is a counter starting at 1.
+If
the last upload was also an NMU, the counter should be increased. For example,
-if the current version is 1.5-1, then an NMU would get
-version 1.5-1+nmu1. If the current version is
-1.5+nmu3 (a native package which has already been NMUed), the
-NMU would get version 1.5+nmu4. If a new upstream version
+if the current version is 1.5, then an NMU would get
+version 1.5+nmu1.
+
+
+If the package is a not a native package, you should add a minor version number
+to the debian revision part of the version number (the portion after the last
+hyphen). This extra number must start at 1. For example,
+if the current version is 1.5-2, then an NMU would get
+version 1.5-2.1. If a new upstream version
is packaged in the NMU, the debian revision is set to 0, for
-example 1.6-0+nmu1.
+example 1.6-0.1.
+
+
+In both cases, if the last upload was also an NMU, the counter should
+be increased. For example, if the current version is
+1.5+nmu3 (a native package which has already been
+NMUed), the NMU would get version 1.5+nmu4. .
-
A special versioning scheme is needed to avoid disrupting the maintainer's
work, since using an integer for the Debian revision will potentially
@@ -2156,6 +2194,21 @@ the new version (see ).
+
+NMUs vs team uploads
+
+
+Sometimes you are fixing and/or updating a package because you are member of a
+packaging team (which uses a mailing list as Maintainer or Uploader, see ) but you don't want to add yourself to Uploaders
+because you do not plan to contribute regularly to this specific package. If it
+conforms with your team's policy, you can perform a normal upload without
+being listed directly as Maintainer or Uploader. In that case, you should
+start your changelog entry with the following line: * Team upload..
+
+
+
+
@@ -2230,11 +2283,17 @@ moderation for non-subscribers).
+
In any case, it is a bad idea to automatically put all team members in the
-Uploaders field. It clutters the Developer's Package Overview listing (see
+Uploaders field. It clutters the Developer's Package Overview listing (see
) with packages one doesn't really care for, and creates
-a false sense of good maintenance.
+a false sense of good maintenance. For the same reason, team members do
+not need to add themselves to the Uploaders field just because they are
+uploading the package once, they can do a âTeam uploadâ (see ). Conversely, it it a bad idea to keep a
+package with only the mailing list address as a Maintainer and no
+Uploaders.