1 Checklists for PuTTY administrative procedures
2 ==============================================
4 Locations of the licence
5 ------------------------
7 The PuTTY copyright notice and licence are stored in quite a few
8 places. At the start of a new year, the copyright year needs
9 updating in all of them; and when someone sends a massive patch,
10 their name needs adding in all of them too.
12 The LICENCE file in the main source distribution:
19 + the copyright date appears twice, once in the About box and
20 once in the Licence box. Don't forget to change both!
22 + the copyright date appears twice, once in the About box and
23 once in the Licence box. Don't forget to change both!
25 + the copyright date appears twice, once in the About box and
26 once in the Licence box. Don't forget to change both!
29 The documentation (both the preamble blurb and the licence appendix):
32 - putty/doc/licence.but
36 - putty-website/licence.html
38 Before tagging a release
39 ------------------------
41 For a long time we got away with never checking the current version
42 number into CVS at all - all version numbers were passed into the
43 build system on the compiler command line, and the _only_ place
44 version numbers showed up in CVS was in the tag information.
46 Unfortunately, those halcyon days are gone, and we do need the
47 version number in CVS in a couple of places. These must be updated
48 _before_ tagging a new release.
50 The file used to generate the Unix snapshot version numbers (which
51 are <previousrelease>-<date> so that the Debian versioning system
52 orders them correctly with respect to releases):
56 And the Windows installer script:
60 The actual release procedure
61 ----------------------------
63 This is the procedure I (SGT) currently follow (or _should_ follow
64 :-) when actually making a release, once I'm happy with the position
67 - Write a release announcement (basically a summary of the changes
68 since the last release). Squirrel it away in
69 ixion:src/putty/local/announce-<ver> in case it's needed again
70 within days of the release going out.
72 - On my local machines, check out the release-tagged version of the
75 - Build the Windows/x86 release binaries. Don't forget to supply
76 VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to
77 ensure that they really do report their version number correctly.
79 - Acquire the Windows/alpha release binaries from Owen.
80 + Verify the snapshot-key signatures on these, to ensure they're
81 really the ones he built. If I'm going to snapshot-sign a zip
82 file I make out of these, I'm damn well going to make sure the
83 binaries that go _into_ it were snapshot-signed themselves.
85 - Run Halibut to build the docs.
87 - Build the .zip files.
88 + The binary archive putty.zip just contains all the .exe files
89 except PuTTYtel, and the .hlp and .cnt files.
90 + The source archive putty-src.zip is built by puttysnap.sh (my
91 cron script that also builds the nightly snapshot source
93 + The docs archive puttydoc.zip contains all the HTML files
96 - Build the installer.
98 - Sign the release (gpg --detach-sign).
99 + Sign the locally built x86 binaries, the locally built x86
100 binary zipfile, and the locally built x86 installer, with the
102 + The Alpha binaries should already have been signed with the
103 snapshot keys. Having checked that, sign the Alpha binary
104 zipfile with the snapshot keys too.
105 + The source archive should be signed with the release keys.
106 This was the most fiddly bit of the last release I did: the
107 script that built the source archive was on ixion, so I had to
108 bring the archive back to my local machine, check everything
109 in it was untampered-with, and _then_ sign it. Perhaps next
110 time I should arrange that puttysnap.sh can run on my local
111 box; it'd be a lot easier.
112 + Don't forget to sign with both DSA and RSA keys for absolutely
115 - Begin to pull together the release directory structure.
116 + subdir `x86' containing the x86 binaries, x86 binary zip, x86
117 installer, and all signatures on the above.
118 + subdir `alpha' containing the Alpha binaries, Alpha binary
119 zip, and all signatures on the above.
120 + top-level dir contains the source zip (plus signatures),
121 puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.
123 - Create and sign md5sums files: one in the x86 subdir, one in the
124 alpha subdir, and one in the parent dir of both of those.
125 + The md5sums files need not list the .DSA and .RSA signatures,
126 and the top-level md5sums need not list the other two.
127 + Sign the md5sums files (gpg --clearsign). The Alpha md5sums
128 should be signed with the snapshot keys, but the other two
129 with the release keys (yes, the top-level one includes some
130 Alpha files, but I think people will understand).
132 - Now double-check by verifying all the signatures on all the
135 - Create subdir `htmldoc' in the release directory, which should
136 contain exactly the same set of HTML files that went into
139 - Now the whole release directory should be present and correct.
140 Upload to ixion:www/putty/<ver>, upload to
141 chiark:ftp/putty-<ver>, and upload to the:www/putty/<ver>.
143 - Update the HTTP redirects.
144 + Update the one at the:www/putty/htaccess which points the
145 virtual subdir `latest' at the actual latest release dir. TEST
146 THIS ONE - it's quite important.
147 + ixion:www/putty/.htaccess has an individual redirect for each
148 version number. Add a new one.
150 - Update the FTP symlink (chiark:ftp/putty-latest -> putty-<ver>).
153 + Adjust front page (`the latest version is <ver>').
154 + Adjust filename of installer on links in Download page.
155 + Adjust header text on Changelog page. (That includes changing
156 `are new' in previous version to `were new'!)
158 - Check the Docs page links correctly to the release docs. (It
159 should do this automatically, owing to the `latest' HTTP
162 - Check that the web server attaches the right content type to .HLP
165 - Announce the release!
166 + Mail the announcement to putty-announce.
167 + Post it to comp.security.ssh.
168 + Mention it in <TDHIS> on mono.
170 - All done. Probably best to run `cvs up -A' now, or I'll only
171 forget in a few days' time and get confused...