[Secure-testing-commits] r1667 - website

Sat Aug 27 07:20:30 UTC 2005

Author: joeyh
Date: 2005-08-27 07:20:28 +0000 (Sat, 27 Aug 2005)
New Revision: 1667

Modified:
   website/index.html
Log:
update

Modified: website/index.html
===================================================================

--- website/index.html	2005-08-27 04:25:11 UTC (rev 1666)
+++ website/index.html	2005-08-27 07:20:28 UTC (rev 1667)
@@ -69,8 +69,8 @@
 	<h1>Uploads to the secure-testing repository</h1>
 
 	<p>
-	To upload a package to the secure-testing repository, follow this
-	checklist:
+	To upload a package to the secure-testing repository, any Debian
+	developer may follow this checklist:
 	<ol>
 		<li>Only upload changes that have already been made in
 		unstable and are blocked by reaching testing by some other
@@ -79,7 +79,8 @@
 		breaking secure-testing too badly with fixes that have not
 		been tested first in unstable.</li>
 		<li>Only make uploads for issues that the testing security
-		team plans to issue a DTSA announcement for.</li>
+		team plans to issue a DTSA announcement for. It is best to
+		contact the team first to avoid duplicate work.</li>
 		<li>Use a version number that is less than the version
 		number of the fix in unstable, but greater than the version
 		number of the fix in testing. For example, if the fix is in
@@ -90,7 +91,10 @@
 		<li>Use "testing" as the distribution in the
 		changelog.</li>
 		<li>Build the package in a testing chroot using pbuilder
-		so that all the dependencies are ok.</li>
+		so that all the dependencies are ok. Be sure to build with
+		the -sa switch to include source, unless the source is
+		already in the secure-testing archive.
+		</li>
 		<li>Test the package.</li>
 		<li>Sign the package. Any Debian developer in the keyring
 		can do so.</li>
@@ -114,15 +118,25 @@
 		</pre>
 		Build logs can be found
 		<a href="http://experimental.debian.net/">here</a>.
+		Once everything is ready, contact a team member to issue a
+		DSTA.
 		</li>
-		<li>
-		Once everything is ready, contact a team member to create a DTSA annoucement
-		(using data/DTSA/mkadvisory), contact a secure-testing-master admin
-		to move the upload from etch-proposed-updates to
+	</ol>
+
+	<p>
+	To issue a DTSA, team members follow this checklist:
+	<ol>
+		<li>Make sure everything is ready.
+		<li>cd data/DTSA; ./mkadvisory</li>
+		<li>svn add DTSA-n-1; svn commit</li>
+		<li>Contact a secure-testing-master admin to move the upload from etch-proposed-updates to
 		etch (using something like this, but the procedure is still being worked out:
-		madison -s etch-proposed-updates -f heidi -S $package | sudo -u katie heidi -a etch)
+		madison -s etch-proposed-updates -f heidi -S $package | sudo -u katie heidi -a etch; touch /org/secure-testing.debian.net/RUN-DINSTALL)
 		and send the signed DTSA to secure-testing-announce.
 		</li>
+		<li>Make sure that the debs are in place. Note that
+		dinstall runs at 20 and 50 past the hour.
+		<li>cd data/DTSA; ./sndadvisory DTSA-n-1</li>
 	</ol>
 	</p>
 


