[Secure-testing-commits] r8549 - doc

micah at alioth.debian.org micah at alioth.debian.org
Thu Apr 17 14:48:04 UTC 2008 

Author: micah
Date: 2008-04-17 14:48:03 +0000 (Thu, 17 Apr 2008)
New Revision: 8549

Modified:
   doc/how-to-DTSA
Log:
added some additional text to help clarify the process

Modified: doc/how-to-DTSA
===================================================================
--- doc/how-to-DTSA	2008-04-17 14:47:30 UTC (rev 8548)
+++ doc/how-to-DTSA	2008-04-17 14:48:03 UTC (rev 8549)
@@ -76,11 +76,17 @@
 LANG=en_GB ~joey/bin/diffpackages -d stable clamav
 
 Otherwise do some debdiffing to ensure that the filelists and
-dependencies look correct.
+dependencies look correct. You can do this by downloading the 
+binary packages from klecker and the compare them, like the following:
 
-You can install the packages in the security archive with something
-like:
+         for i in *lenny1*.deb; do
+	     oldpkg=$(echo $i | sed -e 's/+lenny1//')                                       
+	     debdiff debian.netcologne.de/debian/pool/main/c/cupsys/$oldpkg $i               
+         done|less
 
+If everything looks good, you can install the packages in the security 
+archive with something like:
+
 dak new-security-install DTSA-36-1 mydns_1.1.0-7+lenny1_*.changes
 
 DTSA-36-1 is an identifier that should be the name of the new DTSA.
@@ -88,8 +94,19 @@
 need a second run, use DTSA-36-1a or DTSA-36-2.
 
 "dak new-security-install" gives you an advisory template. This is not
-used for DTSAs. Ignore it.
+used for DTSAs. Ignore it by choosing Approve to continue, if everything 
+seems ok. If for some reason the dak run is not what you want, (for example 
+not all the required arches are listed), you can just choose Quit to abort
+the dak run. Do not hit control-c or there will be problems. Quit will
+allow you to re-run "dak new-security-install" again with the same DTSA
+number without problems. 
 
+The dak options as they are presented are confusing:
+Approve, [E]dit advisory, Show advisory, Reject, Quit?
+
+Each of those can be triggered by their first letter (Q for quit, etc.), 
+its not clear why [E]dit looks different.
+
 After the dak run, the new packages appear on security.debian.org and
 the mirrors are notified. You should get a mail that the packages are
 installed in testing-proposed-updates.
@@ -99,6 +116,11 @@
 Announcing
 ==========
 
+Currently, we are not doing DTSA announcements, and instead letting the
+scripts include them in the automatic security update emails sent to
+secure-testing-announce. However, the below information is kept for
+posterity.
+
 If there has been a new stable release since the last DTSA, change the
 code names in all the scripts and templates ;-)

More information about the Secure-testing-commits mailing list