From 029dc004802d489487964524d1e2cc61b96ee0f0 Mon Sep 17 00:00:00 2001 From: markus schnalke Date: Tue, 27 Oct 2015 07:17:09 +0100 Subject: [PATCH] Split the releasing instructions into own document This makes them better visible. --- docs/README.developers | 80 --------------------------------------------- docs/README.releasing | 84 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 80 deletions(-) create mode 100644 docs/README.releasing diff --git a/docs/README.developers b/docs/README.developers index a450598..dcec2a7 100644 --- a/docs/README.developers +++ b/docs/README.developers @@ -97,83 +97,3 @@ you need to run the `autogen.sh' script before you can build anything: % ./autogen.sh - -------------- -releasing mmh -------------- - -To make a public release of mmh (we'll use version 1.0 as example -here): - - 1. % echo 1.0 > VERSION - % date +"%Y-%m-%d" > DATE - (DATE should contain something like "2012-12-08") - - 2. % git commit VERSION DATE; git push - - 3. % git tag -a mmh-1.0 -m 'Releasing mmh-1.0' - - 4. % make mmhdist - - 5. Untar mmh-1.0.tar.gz and `diff -r' it vs. your workspace. Make - sure no files got left out of the distribution that should be in - it (due to someone forgetting to update the DIST variables in the - Makefiles). - - 6. If you have root access on your machine, it's good at this point - to do: - - % chown -R 0:0 mmh-1.0 - % tar cvf - mmh-1.0 | gzip -c > mmh-1.0.tar.gz - - If you leave the files in the archive as being owned by yourself, - your UID may coincide with one of a user on a machine where mmh is - being installed, making it possible for that user to Trojan the mmh - code before the system administrator finishes installing it. - - 7. Make sure your new tarball uncompresses and untars with no problem. - Make sure you can configure, make, and install mmh from it. - - 8. If all is well and your tarball is final, go back to your workspace - and do: - - % echo 1.0+dev > VERSION - - 9. % git commit VERSION; git push - -10. Generate an MD5 hash and a PGP signature of the tarball: - - % md5sum mmh-1.0.tar.gz > mmh-1.0.tar.gz.md5sum - % gpg -ab mmh-1.0.tar.gz - - You can verify the hash and signature with: - - % md5sum -c mmh-1.0.tar.gz.md5sum - % gpg --verify mmh-1.0.tar.gz.asc - -11. Upload the files to the web space: - - % scp -p mmh-1.0.tar.gz* marmaro.de:.../prog/mmh/ - -12. Update the homepage. - -13. Add a news item to relevant pages, e.g. freshmeat.net. - -14. Send the release announcement email to the following places: - - - *or* (bidirectional gateway) - - If the release fixes significant security holes, also send an - announcement to bugtraq@securityfocus.com. - - Preferably, the announcement should contain: - - the URL for the tarball - - the MD5 hash - - the URL of the website - - a brief summary of visible changes - - the URL of the git diff page that shows a detailed list of - changes. The changes between 0.9 and 1.0 would be shown by: - - - Further more, the message should be PGP-signed. diff --git a/docs/README.releasing b/docs/README.releasing new file mode 100644 index 0000000..c526fb3 --- /dev/null +++ b/docs/README.releasing @@ -0,0 +1,84 @@ +# +# README.releasing +# + +------------- +releasing mmh +------------- + +To make a public release of mmh (we'll use version 1.0 as example +here): + + 1. % echo 1.0 > VERSION + % date +"%Y-%m-%d" > DATE + (DATE should contain something like "2012-12-08") + + 2. % git commit VERSION DATE; git push + + 3. % git tag -a mmh-1.0 -m 'Releasing mmh-1.0' + + 4. % make mmhdist + + 5. Untar mmh-1.0.tar.gz and `diff -r' it vs. your workspace. Make + sure no files got left out of the distribution that should be in + it (due to someone forgetting to update the DIST variables in the + Makefiles). + + 6. If you have root access on your machine, it's good at this point + to do: + + % chown -R 0:0 mmh-1.0 + % tar cvf - mmh-1.0 | gzip -c > mmh-1.0.tar.gz + + If you leave the files in the archive as being owned by yourself, + your UID may coincide with one of a user on a machine where mmh is + being installed, making it possible for that user to Trojan the mmh + code before the system administrator finishes installing it. + + 7. Make sure your new tarball uncompresses and untars with no problem. + Make sure you can configure, make, and install mmh from it. + + 8. If all is well and your tarball is final, go back to your workspace + and do: + + % echo 1.0+dev > VERSION + + 9. % git commit VERSION; git push + +10. Generate an MD5 hash and a PGP signature of the tarball: + + % md5sum mmh-1.0.tar.gz > mmh-1.0.tar.gz.md5sum + % gpg -ab mmh-1.0.tar.gz + + You can verify the hash and signature with: + + % md5sum -c mmh-1.0.tar.gz.md5sum + % gpg --verify mmh-1.0.tar.gz.asc + +11. Upload the files to the web space: + + % scp -p mmh-1.0.tar.gz* marmaro.de:.../prog/mmh/ + +12. Update the homepage. + +13. Add a news item to relevant websites. + +14. Send the release announcement email to the following places: + + + + *or* (bidirectional gateway) + + If the release fixes significant security holes, also send an + announcement to . + + Preferably, the announcement should contain: + - the URL for the tarball + - the MD5 hash + - the URL of the website + - a brief summary of visible changes + - the URL of the git diff page that shows a detailed list of + changes. The changes between 0.9 and 1.0 would be shown by: + + + Further more, the message should be PGP-signed. -- 1.7.10.4