update information about gpg and t-p-u uploads

git-svn-id: svn://anonscm.debian.org/ddp/manuals/trunk/developers-reference@2615 313b444b-1b9f-4f58-a734-7bb04f332e8d

diff --git a/debian/changelog b/debian/changelog
index b2bef05349ca95ec0d5d5d4f2af513edec6cf981..02f82434fb5641a2821b510e74c3013013e29b8e 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,12 +22,13 @@ developers-reference (3.3.5) unstable; urgency=low
     - add hint about -v<version> to experimental. Closes: #232930
     - update information about yada. Closes: #217956
     - urgency is sticky. Closes: #261914
-    - updated information about testing distribution.
+    - updated information about testing distribution. Closes: #266649.
     - rewrote the NMU section, and
       + made the possible severities of "target bugs" clearer. Closes: #233088.
       + mention QA uploads. Closes: #202416.
       + add -B for binNMUs, and local debsign usage. Closes: #208839.
       + warning about breaking all-packages by binNMU. Closes: #213348.
+    - add information about gpg usage. Closes: #175815.
   * Matt Zimmerman
     - Security uploads get urgency=high
     - Be even more explicit about not uploading security updates

diff --git a/developers-reference.sgml b/developers-reference.sgml
index 0745cc39a1b82cbd58d18d7e16fff50165de83f9..48cc70e006d3aecb60d4b9467a8dd9dd8e9966fe 100644 (file)
--- a/developers-reference.sgml
+++ b/developers-reference.sgml
@@ -6,7 +6,7 @@
   <!ENTITY % commondata  SYSTEM "common.ent" > %commondata;
 
   <!-- CVS revision of this document -->
-  <!ENTITY cvs-rev "$Revision: 1.243 $">
+  <!ENTITY cvs-rev "$Revision: 1.244 $">
 
   <!-- if you are translating this document, please notate the CVS
        revision of the original developer's reference in cvs-en-rev -->
@@ -289,6 +289,11 @@ public servers or multiuser machines, such as the Debian servers
 Read the documentation that comes with your software; read the <url
 id="&url-pgp-faq;" name="PGP FAQ">.
        <p>
+You need to ensure not only that your key is secure against being stolen,
+but also that it is secure against being lost. Generate and make a copy
+(best also in paper form) of your revocation certificate; this is needed if
+your key is lost.
+       <p>
 If you add signatures to your public key, or add user identities, you
 can update the Debian key ring by sending your key to the key server at
 <tt>&keyserver-host;</tt>.  If you need to add a completely new key,
@@ -3338,6 +3343,24 @@ does not pulls an new dependency in.
 Version numbers are usually selected by adding the codename of the testing
 distribution and a incrementing number, like 1.2sarge1 for the first upload
 through testing-proposed-updates of the package version 1.2.
+       <p>
+Please make sure you didn't miss any of these items at your upload:
+<list>
+<item> Make sure that your package really needs to go through
+<em>testing-proposed-uploads</em>, and can't go through unstable;
+<item> Make sure that you included only the minimal amount of changes;
+<item> Make sure that you included an appropriate explaination in the
+changelog;
+<item> Make sure that you've written <em>testing</em> or
+<em>testing-proposed-updates</em> into your target distribution;
+<item> Make sure that you've build and tested your package in
+<em>testing</em>, not in <em>unstable</em>;
+<item> Make sure that your version number is higher than the version in
+<em>testing</em> and <em>testing-proposed-updates</em>, and lower than in
+<em>unstable</em>;
+<item> After uploading and successful build on all platforms, contact the
+release team at &email-debian-release; and ask them to approve your upload.
+</list>
 
 
        <sect1 id="faq">