Differences between revisions 2 and 3
Revision 2 as of 2007-09-26 19:58:58
Size: 872
Editor: ?FlorianWeimer
Comment: Warn against using "dak new-security-install"
Revision 3 as of 2007-09-26 20:05:29
Size: 1298
Editor: ?FlorianWeimer
Comment: More about buildd interaction
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
TODO: Handling failed builds Failed builds can be retried by replying to the buildd mail with a message containing a single line of ''retry'' or ''give-back''.
Line 7: Line 7:
Build mails can be signed with the dpkg-approve-buildd. There's also a config snippet for mutt. Build mails can be signed with the dpkg-approve-buildd. There's also a config snippet for mutt. You can also manually extract the .changes file from the middle of the buildd log and sign it manually using ''debsign''. After that, send it in reply to the message containing the buildd log. The buildd will eventually upload the package to ''/org/security.debian.org/queue/embargoed'' on klecker.
Line 9: Line 9:
TODO: where is this script available TODO: need a publicly available copy of dpkg-approve-buildd

Signing the builds for binary:any updates

In contrast to development in unstable, builds for arch:any packages need to be signed by the Security Team. Once they are signed, the compiled packages are uploaded to klecker.

Failed builds can be retried by replying to the buildd mail with a message containing a single line of retry or give-back.

Build mails can be signed with the dpkg-approve-buildd. There's also a config snippet for mutt. You can also manually extract the .changes file from the middle of the buildd log and sign it manually using debsign. After that, send it in reply to the message containing the buildd log. The buildd will eventually upload the package to /org/security.debian.org/queue/embargoed on klecker.

TODO: need a publicly available copy of dpkg-approve-buildd

Writing the advisory text

Write an advisory. Examples can be found on klecker in /org/security.debian.org/advisories/DSA. Note that the template advisory generated by dak new-security-install is broken in various regards; it's better to work from an existing advisory.

Once all builds are available and the advisory text is ready, send a mail to team@security.debian.org. The update will be reviewed and released as described in the following section.