Another item for the release checklist: don't forget to save the

[u/mdw/putty] / CHECKLST.txt

Checklists for PuTTY administrative procedures
==============================================

Locations of the licence
------------------------

The PuTTY copyright notice and licence are stored in quite a few
places. At the start of a new year, the copyright year needs
updating in all of them; and when someone sends a massive patch,
their name needs adding in all of them too.

The LICENCE file in the main source distribution:

 - putty/LICENCE

The resource files:

 - putty/pageant.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/puttygen.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/win_res.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/mac/mac_res.r

The documentation (both the preamble blurb and the licence appendix):

 - putty/doc/blurb.but
 - putty/doc/licence.but

The website:

 - putty-website/licence.html
 
Before tagging a release
------------------------

For a long time we got away with never checking the current version
number into CVS at all - all version numbers were passed into the
build system on the compiler command line, and the _only_ place
version numbers showed up in CVS was in the tag information.

Unfortunately, those halcyon days are gone, and we do need the
version number in CVS in a couple of places. These must be updated
_before_ tagging a new release.

The file used to generate the Unix snapshot version numbers (which
are <previousrelease>-<date> so that the Debian versioning system
orders them correctly with respect to releases):

 - putty/LATEST.VER

The Windows installer script:

 - putty/putty.iss

The Mac resource file (used to generate the binary bit of the 'vers'
resources -- the strings are supplied by the usual means):

 - putty/mac/version.r

It might also be worth going through the documentation looking for
version numbers - we have a couple of transcripts showing the help
text from the command-line tools, and it would be nice to ensure the
whole transcripts (certainly including the version numbers) are up
to date.

 - putty/doc/pscp.but
 - putty/doc/plink.but
 - putty/doc/psftp.but (in case it ever acquires a similar thing)

The actual release procedure
----------------------------

This is the procedure I (SGT) currently follow (or _should_ follow
:-) when actually making a release, once I'm happy with the position
of the tag.

 - Write a release announcement (basically a summary of the changes
   since the last release). Squirrel it away in
   ixion:src/putty/local/announce-<ver> in case it's needed again
   within days of the release going out.

 - On my local machines, check out the release-tagged version of the
   sources.
    + Make sure to run mkfiles.pl _after_ this checkout, just in
      case.

 - Build the Windows/x86 release binaries. Don't forget to supply
   VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to
   ensure that they really do report their version number correctly.
    + Save the release link maps. Currently I keep these on ixion,
      in src/putty/local/maps-<version>.

 - Acquire the Windows/alpha release binaries from Owen.
    + Verify the snapshot-key signatures on these, to ensure they're
      really the ones he built. If I'm going to snapshot-sign a zip
      file I make out of these, I'm damn well going to make sure the
      binaries that go _into_ it were snapshot-signed themselves.
    + Make sure Owen has kept the Alpha release link maps somewhere
      useful.

 - Run Halibut to build the docs.

 - Build the .zip files.
    + The binary archive putty.zip just contains all the .exe files
      except PuTTYtel, and the .hlp and .cnt files.
    + The source archive putty-src.zip is built by puttysnap.sh (my
      cron script that also builds the nightly snapshot source
      archive).
    + The docs archive puttydoc.zip contains all the HTML files
      output from Halibut.

 - Build the installer.

 - Sign the release (gpg --detach-sign).
    + Sign the locally built x86 binaries, the locally built x86
      binary zipfile, and the locally built x86 installer, with the
      release keys.
    + The Alpha binaries should already have been signed with the
      snapshot keys. Having checked that, sign the Alpha binary
      zipfile with the snapshot keys too.
    + The source archive should be signed with the release keys.
      This was the most fiddly bit of the last release I did: the
      script that built the source archive was on ixion, so I had to
      bring the archive back to my local machine, check everything
      in it was untampered-with, and _then_ sign it. Perhaps next
      time I should arrange that puttysnap.sh can run on my local
      box; it'd be a lot easier.
    + Don't forget to sign with both DSA and RSA keys for absolutely
      everything.

 - Begin to pull together the release directory structure.
    + subdir `x86' containing the x86 binaries, x86 binary zip, x86
      installer, and all signatures on the above.
    + subdir `alpha' containing the Alpha binaries, Alpha binary
      zip, and all signatures on the above.
    + top-level dir contains the source zip (plus signatures),
      puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.

 - Create and sign md5sums files: one in the x86 subdir, one in the
   alpha subdir, and one in the parent dir of both of those.
    + The md5sums files need not list the .DSA and .RSA signatures,
      and the top-level md5sums need not list the other two.
    + Sign the md5sums files (gpg --clearsign). The Alpha md5sums
      should be signed with the snapshot keys, but the other two
      with the release keys (yes, the top-level one includes some
      Alpha files, but I think people will understand).

 - Now double-check by verifying all the signatures on all the
   files.

 - Create subdir `htmldoc' in the release directory, which should
   contain exactly the same set of HTML files that went into
   puttydoc.zip.

 - Now the whole release directory should be present and correct.
   Upload to ixion:www/putty/<ver>, upload to
   chiark:ftp/putty-<ver>, and upload to the:www/putty/<ver>.

 - Update the HTTP redirects.
    + Update the one at the:www/putty/htaccess which points the
      virtual subdir `latest' at the actual latest release dir. TEST
      THIS ONE - it's quite important.
    + ixion:www/putty/.htaccess has an individual redirect for each
      version number. Add a new one.

 - Update the FTP symlink (chiark:ftp/putty-latest -> putty-<ver>).

 - Update web site.
   + Adjust front page (`the latest version is <ver>').
   + Adjust filename of installer on links in Download page.
   + Adjust header text on Changelog page. (That includes changing
     `are new' in previous version to `were new'!)

 - Check the Docs page links correctly to the release docs. (It
   should do this automatically, owing to the `latest' HTTP
   redirect.)

 - Check that the web server attaches the right content type to .HLP
   and .CNT files.

 - Run webupdate, so that all the changes on ixion propagate to
   chiark. Important to do this _before_ announcing that the release
   is available.

 - Announce the release!
    + Mail the announcement to putty-announce.
    + Post it to comp.security.ssh.
    + Mention it in <TDHIS> on mono.

 - All done. Probably best to run `cvs up -A' now, or I'll only
   forget in a few days' time and get confused...