|Deletions are marked like this.||Additions are marked like this.|
|Line 63:||Line 63:|
|After downloading the Debian Live CD ISO, the the "*SUMS" and "*SUMS.sign" files can help verify that the ISO image you downloaded was created by Debian.||After downloading the Debian Live CD ISO, the "*SUMS" and "*SUMS.sign" files can help verify that the ISO image you downloaded was created by Debian.|
The Debian Live team produces the tools used by the Debian CD team to produce the Official Debian Live images (from stretch onwards) and also maintains other packages that are used to build live images.
Around the time of a release, the Debian Live team liaises with the Debian CD team in order to make sure that releases happen smoothly and with as little issues as possible.
Development Homepage: https://www.debian.org/devel/debian-live/
Development Documentation: https://debian-live.alioth.debian.org/
IRC: #debian-live on OFTC
Alioth Project: https://alioth.debian.org/projects/debian-live/
VCS Browser: https://anonscm.debian.org/cgit/debian-live/
Contributing to Debian Live
Contributions to the project, such as translations and patches, are welcomed and greatly appreciated.
It is important when submitting a contribution, whether it be for software, documentation or a translation, to clearly identify its copyright holder and include any applicable licensing statement.
To be accepted, the contribution must be licensed under the same license as the rest of the package. This is GPL version 3 or later for most packages, but BSD 2-clause for live-wrapper.
While in the past, the Debian Live team has tended to not use Debian resources for development, we are now aiming to use the Debian BTS and Debian hosted version-control systems for all Debian Live development work.
If you'd like to dive straight into development, check out the Debian Live Dashboard and see what there is that needs fixing. If you spot a bug you think you can fix, send an email to the mailing list or chat to us in IRC. If no one else is working on the issue, assign yourself as the owner of the bug and submit a patch to the BTS.
Once your patch is in the BTS, let one of the named uploaders know and they will review your patch and include it on the next upload if it looks good, or provide feedback if it needs work.
For small patches, please submit these as wishlist bugs to the Debian Bug Tracking System (BTS). You can find documentation on how to submit bugs to the BTS here.
For larger development works, please discuss these on the mailing list in advance. If you would like to be more involved in the development of Debian Live packages, please join the Alioth group.
All members of the Alioth group have commit access to our git repositories, but please do not push changes without first clearing it with one of the named uploaders on the package of the repository you are pushing to.
The Debian Live packages are native packages. This means that there is no upstream or pristine-tar branches and we do not use quilt patches, unlike most other teams in Debian where they are packaging upstream sources.
The master branch contains current development work. Tags in the form of "debian/<release>" will mark the commit of each release that has been uploaded to unstable.
For managing backports and stable updates, branches may be created within the repositories with the name of "<codename>-pu" for proposed-updates or "<codename>-bpo" for backports.
Need information on how to contribute to documentation.
Need information on how to contribute to translations.
Using GPG to Verify the Authenticity of Live CD Images
After downloading the Debian Live CD ISO, the "*SUMS" and "*SUMS.sign" files can help verify that the ISO image you downloaded was created by Debian.
At a command line, in the directory into which the Debian Live ISO was downloaded, and using "SHA512SUMS" as an example, validate "SHA512SUMS" with "gpg":
gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
As per "https://www.debian.org/CD/verify", the output from the above gpg command should contain:
gpg: Signature made Wed 21 Jun 2017 03:45:45 AM CDT gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
If the output from the gpg command contains the above "Signature made" and "RSA key" lines, the ISO file itself can now be validated. So, continuing with the "SHA512SUMS" example:
sha512sum --ignore-missing -c SHA512SUMS
The output from the above "sha512sum" command should be only this:
If the output from the above command contained "OK", there can be a good level of confidence that your downloaded Debian Live CD ISO image was sourced by Debian.
A TODO list is maintained at /TODO in order to highlight any tasks that require immediate attention before the BTS can be triaged. Later, task management will be performed using the BTS.