Notes from a packager...
Christian Pearce
pearcec at commnav.com
Fri Jan 16 22:40:18 UTC 2004
I wanted to put down some thoughts of what I do when I package. I was hoping this helps the documentors.
* Identify the vulnerability - Some one posts to the list or you find it yourself
* Due dilligence on how to patch - Figure out what others have done. In a lot of cases each package is going to require a different method for getting a backport. In some cases it is a simple one liner. In other cases we might need to find the revision fixed in cvs and run a diff with the revision in the current tar ball. A lot of these needs to be discussed in the lists or on IRC. (Dig back we hashed this out pretty good. )
This link might help with what the backporting policy is. http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00176.html
* Spec files - Figure out the best method for releasing the specs. Some cases you might need to release three spec files. But the idea is to try to combine all the spec files in to one version if possible.
* Get some consensus - Verify with the group the approaches are ok.
* Do the work on the spec and build patches if need be.
* Build - src.rpm
* create md5sum - gpg --clearsign it
* Post the md5sum file and src.rpm's to a public server
* Create a bug @ bugzilla.fedora.com (See existing bugs)
- Select - Fedora Meta
- Add a Summary
- Add a Description -- Sign it, add upstream sources, explain what you did, add links to your src.rpm's and md5sums
- Select Component - Package Request
Submit
- Add keywords - LEGACY, QA, rh72, rh73, rh80 ( Or what distros you need)
Hope this helps it is a little choppy.
--
Christian Pearce
http://www.commnav.com
More information about the fedora-legacy-list
mailing list