Differences between revisions 67 and 68
Revision 67 as of 2014-10-13 09:40:03
Size: 3470
Comment:
Revision 68 as of 2014-12-03 10:23:48
Size: 3508
Editor: EvgeniGolov
Comment: you have to sign inline, actually
Deletions are marked like this. Additions are marked like this.
Line 59: Line 59:
Now that the update has been released, send a mail to the debian-lts-announce mailing list. The mail needs to be signed by a PGP key in the debian.org or debian-maintainers keyring. Both PGP/MIME and inline signatures should be fine. Now that the update has been released, send a mail to the debian-lts-announce mailing list. The mail needs to be signed by a PGP key in the debian.org or debian-maintainers keyring. Please use inline signatures, the checking software does not play well with PGP/MIME yet.

Translation(s): English - Русский

Debian squeeze (6.0) LTS development

Add squeeze-lts to your sources.list

The information moved to LTS/Using.

Contribute

You can help in many ways

Report Bugs

Please report bugs that you found in the packages to the debian-lts mailinglist and put the person who prepared the update in copy (in case they are not subscribed to the list).

Preparing fixed packages for squeeze-lts

DDs have automatically commit access to the secure-testing repository. Otherwise you need to be member of secure-testing alioth project, please request membership trough the Alioth project page or through the debian-lts mailinglist.

Claim the issue in dla-needed.txt

In order to prevent duplication of effort, make sure the issue is listed in data/dla-needed.txt and add your name to it.

svn co svn+ssh://svn.debian.org/svn/secure-testing

Building the update

Backport the fix to the version in squeeze or squeeze-lts (in case there's already been an earlier update). You need to set the target distribution in debian/changelog to "squeeze-lts". The versioning follows the conventions already used in security.debian.org. Historically codenames have been used as version numbers, but this was changed some time ago as version numbers are more deterministic.

  • If a package already e.g. had a +squeeze1 update, use +squeeze2 for the next update.
  • If a package hasn't seen an update, use +deb6u1 for the next update.

Now build the package and run your tests. You can generate a debdiff and post it to debian-lts@lists.debian.org for review.

Now test the fixed package. If you're satisfied, upload to ftp-master. If you use dput-ng, you need to apply the patch from 745806. After that "dput CHANGES file" is sufficient. Once uploaded the package will be auto-built for amd64 or i386 (if it's an arch:any package).

Claim an DLA ID in DLA/list

Run bin/gen-DLA in the top directory of the SVN repository. It automacatically generates an entry in data/DLA/list to ensure that no IDs are used twice. The following command would add an entry for src:hello fixing CVE-2014-0666 and creates an advisory template for you:

 bin/gen-DLA --save hello CVE-2014-0666

After that commit your changed version of data/DLA/list

Announcing the update

Now that the update has been released, send a mail to the debian-lts-announce mailing list. The mail needs to be signed by a PGP key in the debian.org or debian-maintainers keyring. Please use inline signatures, the checking software does not play well with PGP/MIME yet.

The advisory template has been created by bin/gen-DLA (see before) and generally looks like this:

Subject: [DLA $DLA-1] $SOURCEPACKAGENAME security update

Package        : $SOURCEPACKAGENAME
Version        : $squeeze_VERSION
CVE ID         : CVE-2014-0001 CVE-2014-0002
Debian Bug     : 12345

DLA text goes here
[...]


CategoryLts