--- Begin Message ---
Subject: |
IMPORTANT: New automated upload procedures for {ftp,alpha}.gnu.org |
Date: |
Tue, 11 Nov 2003 12:01:08 -0500 |
User-agent: |
Mutt/1.5.4i |
[ Please redirect this message to anyone who works with you as GNU
Maintainer to help handle upload and releases of GNU software. ]
To All GNU Maintainers:
Paul Fisher, Karl Berry, and a host of others have implemented a new
system to handle uploads of GNU software to ftp.gnu.org in a secure way.
To begin this process, we need each GNU maintainer to send message,
preferably GPG-signed, to <address@hidden> that includes the
following:
(a) name of package(s) that you are the maintainer for, and your
preferred email address.
(b) an ASCII armored copy of your GnuPG key, as an attachment.
("gpg --export -a YOUR_KEY_ID > mykey.asc" should give you this.)
(c) a list of names and (preferred) email addresses of individuals you
authorize to make releases for which packages (in the case that you
don't make all releases yourself), if any.
(d) ASCII armored copies of GnuPG keys for any individuals listed in
(c).
We will acknowledge your message when we have added the proper GPG keys
as authorized to upload files for their corresponding packages.
Once you have received that acknowledgment, you will be able to do
unattended uploads using the following procedure:
For each upload destined for ftp.gnu.org or alpha.gnu.org, three files
(a triplet) need to be uploaded via ftp to the site,
ftp-upload.gnu.org.
(1) File to distributed (eg. foo.tar.gz)
(2) Detached GPG binary signature for (1) (using gpg -b)
(eg. foo.tar.gz.sig)
(3) Clearsigned "directive" file (using gpg --clearsign)
(eg. foo.tar.gz.directive.asc)
The triplet should be uploaded via anonymous ftp to ftp-upload.gnu.org.
If the upload is destine for ftp.gnu.org, then the triplet should be
places in the /incoming/ftp directory. If the upload is destine for
alpha.gnu.org, then the triplet should be placed in the /incoming/alpha
directory.
Uploads are processed every five minutes. (BTW, uploads that are in
progress when the upload processing script is running are handled
properly, so do not worry about the timing of your upload.)
The directive file should contain one line (excluding the clearsigned
data GPG puts in place), which specifies the directory where items (1)
and (2) shall be placed.
For example, foo.tar.gz.directive might contain the single line:
directory: bar/v1
This directory line indicates that foo.tar.gz and foo.tar.gz.sig are
part of package "bar". If you were to upload the three files to
/incoming/ftp, and the system can positively authenticate the
signatures, then the files foo.tar.gz and foo.tar.gz.sig will be placed
in the directory "gnu/bar/v1" off of the "ftp.gnu.org" site.
The directive file can be used to create currently non-existent
directory trees, as long as they are under the package directory for
your package (in the example above, that is "bar").
Your designated upload email addresses (see (a) and (b) above) shall
receive an email if there are any problems processing an upload for
your package. If you have difficulties processing an upload, please
write to <address@hidden>.
NOTE: We had previously asked you to write to address@hidden because
of excessive amounts of spam (from SoBig) in our ftp-upload RT queue. As
of today, that is NO LONGER NECESSARY, as a volunteer (thanks, Paul
Visscher) kindly clear out that spam. Please resume using the ftp-upload
address for ALL MATTERS related to ftp uploads.
Finally, I want to thank each GNU maintainer for your patience during this
process. I realize there is still some backlog of uploads and some md5sum
files from pre-August-1 files that are queued for us. Now that we have
this process in place, we will turn our attention to clearing out that
backlog and hope to complete it soon.
If you have questions about this process, please contact us at
<address@hidden>. Thanks again for your patience.
--
Bradley M. Kuhn, Executive Director
Free Software Foundation | Phone: +1-617-542-5942
59 Temple Place, Suite 330 | Learn more about FSF and how you can help:
Boston, MA 02111-1307 USA | http://svcs.affero.net/rm.php?r=bkuhn&p=FSF
pgpE7WMAKd1NE.pgp
Description: PGP signature
_______________________________________________
GNU Maintainers Announcement List address@hidden
http://mail.gnu.org/mailman/listinfo/gnu-prog
--- End Message ---