Author: micah Date: 2008-04-17 14:48:03 +0000 (Thu, 17 Apr 2008) New Revision: 8549 Modified: doc/how-to-DTSA Log: added some additional text to help clarify the process Modified: doc/how-to-DTSA ==================================================================--- doc/how-to-DTSA 2008-04-17 14:47:30 UTC (rev 8548) +++ doc/how-to-DTSA 2008-04-17 14:48:03 UTC (rev 8549) @@ -76,11 +76,17 @@ LANG=en_GB ~joey/bin/diffpackages -d stable clamav Otherwise do some debdiffing to ensure that the filelists and -dependencies look correct. +dependencies look correct. You can do this by downloading the +binary packages from klecker and the compare them, like the following: -You can install the packages in the security archive with something -like: + for i in *lenny1*.deb; do + oldpkg=$(echo $i | sed -e ''s/+lenny1//'') + debdiff debian.netcologne.de/debian/pool/main/c/cupsys/$oldpkg $i + done|less +If everything looks good, you can install the packages in the security +archive with something like: + dak new-security-install DTSA-36-1 mydns_1.1.0-7+lenny1_*.changes DTSA-36-1 is an identifier that should be the name of the new DTSA. @@ -88,8 +94,19 @@ need a second run, use DTSA-36-1a or DTSA-36-2. "dak new-security-install" gives you an advisory template. This is not -used for DTSAs. Ignore it. +used for DTSAs. Ignore it by choosing Approve to continue, if everything +seems ok. If for some reason the dak run is not what you want, (for example +not all the required arches are listed), you can just choose Quit to abort +the dak run. Do not hit control-c or there will be problems. Quit will +allow you to re-run "dak new-security-install" again with the same DTSA +number without problems. +The dak options as they are presented are confusing: +Approve, [E]dit advisory, Show advisory, Reject, Quit? + +Each of those can be triggered by their first letter (Q for quit, etc.), +its not clear why [E]dit looks different. + After the dak run, the new packages appear on security.debian.org and the mirrors are notified. You should get a mail that the packages are installed in testing-proposed-updates. @@ -99,6 +116,11 @@ Announcing ========= +Currently, we are not doing DTSA announcements, and instead letting the +scripts include them in the automatic security update emails sent to +secure-testing-announce. However, the below information is kept for +posterity. + If there has been a new stable release since the last DTSA, change the code names in all the scripts and templates ;-)