Debian Project

Debian testing security team

To upload a package to the secure-testing repository, any Debian developer may follow this checklist:

    Preparing the package

  1. Contact the team first to avoid duplicate work.
  2. Only upload changes that have already been made in unstable and are blocked by reaching testing by some other issues. This is both to keep things in sync once the new version from unstable reaches testing, and to avoid breaking secure-testing too badly with fixes that have not been tested first in unstable.
  3. If the orig.tar.gz is already on security.debian.org (either in stable-security or in testing-security) don't include it in the upload. If in doubt, ask the team.
  4. Use a version number that is less than the version number of the fix in unstable, but greater than the version number of the fix in testing (including a possible +b1 for binNMUs). For example, if the fix is in a new upstream version 1.0-1 in unstable, upload version 1.0-1~wheezy1 to testing-security. If the current version in testing is 1.2-3 and the fix is backported to this version, upload version 1.2-3+wheezy1 to testing-security. Make sure that the version you used has never been used before in any release.
  5. Use CODENAME-security as the distribution in the changelog (e.g. wheezy-security).
  6. Build the package in a testing chroot using pbuilder so that all the dependencies are ok. Be sure to build with the -sa switch to include source, unless the source is already in the testing-security archive.
  7. Test the package. Diff the package against the version in testing (if backporting fixes). Use debdiff on both source and binary packages.
  8. Sign the package. Any Debian developer in the keyring can do so.
  9. Upload to security-master.debian.org.

    Public security issues

    For security issues that are already public use the security-master-unembargoed dput target.

    Embargoed security issues

    To upload fixed packages for embargoed (non-public) security issues use the security-master dput target.

Information about releasing the packages can be found in the howto-DTSA file in the SVN repository.

$Id: uploading.html 6493 2007-09-04 11:06:04Z nion $

Valid HTML 4.01! Valid CSS!