# # README.releasing # ------------- releasing mmh ------------- To make a public release of mmh (we'll use version 1.0 as example here): 1. % echo 1.0 > VERSION % date +"%Y-%m-%d" > DATE % vi NEWS 2. % git commit VERSION DATE NEWS 3. % make mmhdist 4. Untar mmh-1.0.tar.gz and `diff -r' it vs. your workspace. Make sure no files got left out of the distribution that should be in it (due to someone forgetting to update the DIST variables in the Makefiles). 5. If you have root access on your machine, it's good at this point to do: % chown -R 0:0 mmh-1.0 % tar cvf - mmh-1.0 | gzip -c > mmh-1.0.tar.gz If you leave the files in the archive as being owned by yourself, your UID may coincide with one of a user on a machine where mmh is being installed, making it possible for that user to Trojan the mmh code before the system administrator finishes installing it. 6. Make sure your new tarball uncompresses and untars with no problem. Make sure you can configure, make, and install mmh from it. 7. If all is well and your tarball is final, go back to your workspace and tag the release: % git tag -a mmh-1.0 -m 'Releasing mmh-1.0' 8. Then bump the version number: % echo 1.0+dev > VERSION 9. % git commit VERSION 10. Generate an MD5 hash and a PGP signature of the tarball: % md5sum mmh-1.0.tar.gz > mmh-1.0.tar.gz.md5sum % gpg -ab mmh-1.0.tar.gz You can verify the hash and signature with: % md5sum -c mmh-1.0.tar.gz.md5sum % gpg --verify mmh-1.0.tar.gz.asc 11. Upload the files to the web space: % scp -p mmh-1.0.tar.gz* marmaro.de:.../prog/mmh/ 12. Update the homepage. 13. Add a news item to relevant websites. 14. Send the release announcement email to the following places: *or* (bidirectional gateway) If the release fixes significant security holes, also send an announcement to . Preferably, the announcement should contain: - the URL for the tarball - the MD5 hash - the URL of the website - a brief summary of visible changes - the URL of the git diff page that shows a detailed list of changes. The changes between 0.9 and 1.0 would be shown by: Further more, the message should be PGP-signed.