File: README.releasing

package info (click to toggle)
mmh 0.4-4
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye
  • size: 4,976 kB
  • sloc: ansic: 26,132; sh: 6,871; makefile: 680; awk: 74
file content (86 lines) | stat: -rw-r--r-- 2,524 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
#
# README.releasing
#

-------------
releasing mmh
-------------

To make a public release of mmh (we'll use version 1.0 as example
here):

 1. % echo 1.0 > VERSION
    % date +"%Y-%m-%d" > DATE
    % vi NEWS

 2. % git commit VERSION DATE NEWS

 3. % make mmhdist

 4. Untar mmh-1.0.tar.gz and `diff -r' it vs. your workspace. Make
    sure no files got left out of the distribution that should be in
    it (due to someone forgetting to update the DIST variables in the
    Makefiles).

 5. If you have root access on your machine, it's good at this point
    to do:

    % chown -R 0:0 mmh-1.0
    % tar cvf - mmh-1.0 | gzip -c > mmh-1.0.tar.gz

    If you leave the files in the archive as being owned by yourself,
    your UID may coincide with one of a user on a machine where mmh is
    being installed, making it possible for that user to Trojan the mmh
    code before the system administrator finishes installing it.

 6. Make sure your new tarball uncompresses and untars with no problem.
    Make sure you can configure, make, and install mmh from it.

 7. If all is well and your tarball is final, go back to your workspace
    and tag the release:

    % git tag -a mmh-1.0 -m 'Releasing mmh-1.0'

 8. Then bump the version number:

    % echo 1.0+dev > VERSION

 9. % git commit VERSION

10. Generate an MD5 hash and a PGP signature of the tarball:

    % md5sum mmh-1.0.tar.gz > mmh-1.0.tar.gz.md5sum
    % gpg -ab mmh-1.0.tar.gz

    You can verify the hash and signature with:

    % md5sum -c mmh-1.0.tar.gz.md5sum
    % gpg --verify mmh-1.0.tar.gz.asc

11. Upload the files to the web space:

    % scp -p mmh-1.0.tar.gz* marmaro.de:.../prog/mmh/

12. Update the <http://marmaro.de/prog/mmh/> homepage.

13. Add a news item to relevant websites.

14. Send the release announcement email to the following places:
    <mmh@marmaro.de>
    <nmh-workers@nongnu.org>
    <nmh-announce@nongnu.org>
    <mh-users@ics.uci.edu> *or* <comp.mail.mh> (bidirectional gateway)

    If the release fixes significant security holes, also send an
    announcement to <bugtraq@securityfocus.com>.

    Preferably, the announcement should contain:
    - the URL for the tarball
    - the MD5 hash
    - the URL of the website
    - a brief summary of visible changes
    - the URL of the git diff page that shows a detailed list of
      changes. The changes between 0.9 and 1.0 would be shown by:
      <http://git.marmaro.de/?p=mmh;a=commitdiff;hp=mmh-0.9;h=mmh-1.0>

    Further more, the message should be PGP-signed.