REVU

Differences between revisions 3 and 62 (spanning 59 versions)
Revision 3 as of 2005-06-26 21:49:46
Size: 1960
Editor: p5494D04C
Comment: more information
Revision 62 as of 2007-05-05 09:40:03
Size: 7373
Editor: dslb-084-058-125-063
Comment: \sh removed from admins
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
revu is the current working name of a review tool for [:MOTU] Uploads.
This service is highly experimental at the moment and involves quite some
manual interaction. The service is located at http://siretart.tauware.de/revu
## page was renamed from MOTU/REVU
## page was renamed from REVU
Line 5: Line 4:
== To register as reviewer ==
Line 7: Line 5:
Please send a signed and encrypted mail with your password and GnuPG keyid to
siretart@tauware.de. I will add you as Reviewer to the database and add
your key to the uploaders keyring.
== What is REVU ? ==
Line 11: Line 7:
== To register as uploader == [http://revu.tauware.de/ REVU] (http://revu.tauware.de) is a web-based tool to give people who have worked on packages a chance to "put their packages out there" for other people to look at and comment on in a structured manner.
Line 13: Line 9:
Please send a signed email with your GnuPG keyid to siretart@tauware.de. I will
add you then to the uploaders keyring.
Once a packager's ["GPGKey"] has been added to the REVU keyring, the packager can begin to upload his packages to REVU. The packages can then be commented on by reviewers, and the packager can send updates of their package to REVU until it gets advocated by at least 2 ["MOTU"]s. At that point, a MOTU can upload the approved package to Universe.
Line 16: Line 11:
== Howto login == This service is experimental at the moment, and involves some manual interaction.
Line 18: Line 13:
With adding you to the keyring, you should have been added to the database with the
password you've choosen in the email. Please use the full email address as
login name. If you didn't specify one, I'll take the From: address from your email
== Contribute as an Uploader ==
Line 22: Line 15:
== Howto upload == === Why contribute as an Uploader ? ===
Line 24: Line 17:
The upload process is similar to uploading to ubuntu, see [Uploads]. Here is a dput snippet: If you've built a package of a program that's not available in the development version of either Ubuntu (currently FeistyFawn) or Debian (Sid), you can upload it to REVU. It can then be checked over by MOTUs and advocated into Ubuntu's Universe archive.

In order to do this, you need to register as an uploader on the REVU system.

=== Register as a REVU uploader ===

You need:

 * A ["GPGKey"]
 * A [https://launchpad.net Launchpad] account
 * To be a member of the [https://launchpad.net/~ubuntu-universe-contributors/ Ubuntu Universe Contributors Group]
 * To know how to make Debian packages (see PackagingTips)
 * One or more new or updated packages to upload

In order to upload to REVU, you will need to be added to the REVU keyring. Be sure that you have a [https://launchpad.net Launchpad] account and that you have added your ["GPGKey"] to it. Then, ask [https://launchpad.net/people/ubuntu-universe-contributors/+join to be added to the Ubuntu Universe Contributors team]. Next, ask the REVU admins in {{{#ubuntu-motu}}} or at keyring@tiber.tauware.de to re-sync the REVU uploaders keyring, which grants you upload rights to REVU. It is a good idea to GetYourKeySigned, but it is not a requirement for using REVU.

==== Passwords ====

You don't need a password to upload packages, only to log in to the website and reply to comments.

Once you have uploaded a package to REVU, a password will be created for you. To get it, enter your e-mail address into the login box, leaving the password field blank, and click Login. Click Recover, and REVU will display an '''encrypted''' message with your password in it.

attachment:IconsPage/note.png Your GPG key needs to have an Elgamal secondary key in order to allow encrypting data as well as signing it. If you don't create an Elgamal key, you will be able to upload to REVU but '''not''' to recover your password, and hence, to login on the web interface.

=== Upload your packages ===

Uploading to REVU uses dput.

Since Ubuntu 6.06 LTS (Dapper Drake), dput is already configured for REVU uploads, with the [revu] entry. However, if are running an earlier version you can add the following entry to your /etc/dput.cf:
Line 27: Line 49:
  fqdn = tauware.de
  incoming = /
  fqdn = revu.tauware.de
  incoming = /incoming
Line 32: Line 54:
Don't forget to adjust your [DEFAULT] section to look like this:
If you are not an Ubuntu developer, you can set REVU as the default host for dput by modifying the [DEFAULT] section in dput.cf. This way, you don't need to specify what host to use when using dput to upload.
Line 37: Line 61:
Please do only signed uploads, and please always include the orig tarball (use option "-sa" to debuild/dpkg-buildpackage) ==== Building a package for upload ====

Uploads to REVU should only be signed source files, with the original tarball. Please do not upload unsigned source or binary packages.

Inside your package directory, issue

{{{
   debuild -S -sa
}}}

-S builds a source package, and -sa includes the original source. If your GPG key is not configured correctly, add {{{-kGPGKEYID}}} to the command line.

attachment:IconsPage/info.png You can add''allow_unsigned_uploads = 0'' to the ''[revu]'' stanza in dput.cf to enforce this.

==== Uploading it ====

debuild will output a package-version_source.changes file, which is uploaded with ''dput''.

{{{
   dput package-version_source.changes
}}}

If your firewall requires passive FTP, dput may hang while uploading. In that case, try {{{dput -P package-version_source.changes}}}.

attachment:IconsPage/note.png If you haven't set REVU as the default host (as explained previously), you need to specify to dput that you wish to use it on the command line: {{{dput revu *_source.changes}}}. The default host is the Ubuntu official repository, and if you are not an Ubuntu developer, your upload to the Ubuntu repository will be rejected.

If you are reuploading a changed package (after receiving reviews), you may get an error like this:
{{{
  Upload package to host revu
  Already uploaded to tauware.de
  Doing nothing for myapp_source.changes
}}}

To fix, add the -f option to dput to force the upload.

Processing of uploads is done every 5 min. If your upload doesn't show up, please contact the REVU administrators by email (admin@tiber.tauware.de) or join the IRC channel #ubuntu-motu and talk to one of:

 * siretart (siretart@tauware.de)
 * sistpoty (sistpoty@ubuntu.com)
 * ajmitch (ajmitch@ubuntu.com)
 * raphink (raphink@ubuntu.com)

=== How to log in ===

After your first upload, you will be automatically registered to the database and assigned a random password. Use the email address you used in the changelog file of your upload as the login name, and press the 'recover password' link, so as to receive your password by email.
Line 40: Line 108:
== This service sucks / I can do better == === View and comment uploads ===
Line 42: Line 110:
Please contact one of siretart, sistpoty or \sh in #ubuntu-motu for access to the svn
repository and help us to improve ;)
Packages uploaded to REVU are made public. You can browse them without logging in to the system.
However, commenting uploads is only available to registered users. As an uploader, you can only comment on your own uploads. This can be useful to give reviewers some info on the changes you have made between two uploads of your packages.
Line 45: Line 113:
== Feature Requests
Line 47: Line 114:
  * Autobuilding
   
Yes, I'll love that, too. This will be implemented in the next version, since I cannot do that on tauware.de. I'm in contact with \sh and ogra for a solution. If you have experience in setting up an sbuild for us, just contact us!
=== Additional rules ===
Line 51: Line 116:
  * auto lintian/linda  * you must have reviewed this package for known security vulnerabilities and provide patches for all of them
 * we can refuse the package on the grounds of known security problems and design
 * you must have included a copyright and license file, and those must allow inclusion of the package in the universe component and on mirrors
 * the package must be known to build on top of the main component of the current ubuntu stable release; it may require other packages already in universe
Line 53: Line 121:
== Can I look at the code? What about svn access? ==
Line 55: Line 122:
Try this link: http://siretart.tauware.de/revu-r30.tar.gz
for svn access contact me via email, I'll arrange something
=== Getting help ===

If you need help on these steps or if you have more questions about REVU, you can ask on #ubuntu-motu on the Freenode network.


== Contribute as Reviewer ==


=== Why contribute as Reviewer? ===

Do you have some experience in packaging and know policy well?
Then you can help improving the packages uploaded to universe and guide packagers in doing so, by contributing as a reviewer on REVU.


=== Register as reviewer ===


What you need :

 * A ["GPGKey"]
 * Be a ["MOTU"]

Please send a signed and encrypted mail with your password and GnuPG keyid to
keyring@tiber.tauware.de. We will mark you as Reviewer in the database.


=== Using REVU-Tools to review on REVU ===

See [:/REVU-Tools].


== Feature Requests ==
please use [http://revu.tauware.de/cgi-bin/trac.cgi The revu-Development-Center] for feature requests and bug reports.


----
["CategoryMOTU"]

What is REVU ?

[http://revu.tauware.de/ REVU] (http://revu.tauware.de) is a web-based tool to give people who have worked on packages a chance to "put their packages out there" for other people to look at and comment on in a structured manner.

Once a packager's ["GPGKey"] has been added to the REVU keyring, the packager can begin to upload his packages to REVU. The packages can then be commented on by reviewers, and the packager can send updates of their package to REVU until it gets advocated by at least 2 ["MOTU"]s. At that point, a MOTU can upload the approved package to Universe.

This service is experimental at the moment, and involves some manual interaction.

Contribute as an Uploader

Why contribute as an Uploader ?

If you've built a package of a program that's not available in the development version of either Ubuntu (currently FeistyFawn) or Debian (Sid), you can upload it to REVU. It can then be checked over by MOTUs and advocated into Ubuntu's Universe archive.

In order to do this, you need to register as an uploader on the REVU system.

Register as a REVU uploader

You need:

In order to upload to REVU, you will need to be added to the REVU keyring. Be sure that you have a [https://launchpad.net Launchpad] account and that you have added your ["GPGKey"] to it. Then, ask [https://launchpad.net/people/ubuntu-universe-contributors/+join to be added to the Ubuntu Universe Contributors team]. Next, ask the REVU admins in #ubuntu-motu or at keyring@tiber.tauware.de to re-sync the REVU uploaders keyring, which grants you upload rights to REVU. It is a good idea to GetYourKeySigned, but it is not a requirement for using REVU.

Passwords

You don't need a password to upload packages, only to log in to the website and reply to comments.

Once you have uploaded a package to REVU, a password will be created for you. To get it, enter your e-mail address into the login box, leaving the password field blank, and click Login. Click Recover, and REVU will display an encrypted message with your password in it.

attachment:IconsPage/note.png Your GPG key needs to have an Elgamal secondary key in order to allow encrypting data as well as signing it. If you don't create an Elgamal key, you will be able to upload to REVU but not to recover your password, and hence, to login on the web interface.

Upload your packages

Uploading to REVU uses dput.

Since Ubuntu 6.06 LTS (Dapper Drake), dput is already configured for REVU uploads, with the [revu] entry. However, if are running an earlier version you can add the following entry to your /etc/dput.cf:

  [revu]
  fqdn = revu.tauware.de
  incoming = /incoming
  login = anonymous

If you are not an Ubuntu developer, you can set REVU as the default host for dput by modifying the [DEFAULT] section in dput.cf. This way, you don't need to specify what host to use when using dput to upload.

  default_host_main = revu

Building a package for upload

Uploads to REVU should only be signed source files, with the original tarball. Please do not upload unsigned source or binary packages.

Inside your package directory, issue

   debuild -S -sa

-S builds a source package, and -sa includes the original source. If your GPG key is not configured correctly, add -kGPGKEYID to the command line.

attachment:IconsPage/info.png You can addallow_unsigned_uploads = 0 to the [revu] stanza in dput.cf to enforce this.

Uploading it

debuild will output a package-version_source.changes file, which is uploaded with dput.

   dput package-version_source.changes

If your firewall requires passive FTP, dput may hang while uploading. In that case, try dput -P package-version_source.changes.

attachment:IconsPage/note.png If you haven't set REVU as the default host (as explained previously), you need to specify to dput that you wish to use it on the command line: dput revu *_source.changes. The default host is the Ubuntu official repository, and if you are not an Ubuntu developer, your upload to the Ubuntu repository will be rejected.

If you are reuploading a changed package (after receiving reviews), you may get an error like this:

  Upload package to host revu
  Already uploaded to tauware.de
  Doing nothing for myapp_source.changes

To fix, add the -f option to dput to force the upload.

Processing of uploads is done every 5 min. If your upload doesn't show up, please contact the REVU administrators by email (admin@tiber.tauware.de) or join the IRC channel #ubuntu-motu and talk to one of:

How to log in

After your first upload, you will be automatically registered to the database and assigned a random password. Use the email address you used in the changelog file of your upload as the login name, and press the 'recover password' link, so as to receive your password by email.

View and comment uploads

Packages uploaded to REVU are made public. You can browse them without logging in to the system. However, commenting uploads is only available to registered users. As an uploader, you can only comment on your own uploads. This can be useful to give reviewers some info on the changes you have made between two uploads of your packages.

Additional rules

  • you must have reviewed this package for known security vulnerabilities and provide patches for all of them
  • we can refuse the package on the grounds of known security problems and design
  • you must have included a copyright and license file, and those must allow inclusion of the package in the universe component and on mirrors
  • the package must be known to build on top of the main component of the current ubuntu stable release; it may require other packages already in universe

Getting help

If you need help on these steps or if you have more questions about REVU, you can ask on #ubuntu-motu on the Freenode network.

Contribute as Reviewer

Why contribute as Reviewer?

Do you have some experience in packaging and know policy well? Then you can help improving the packages uploaded to universe and guide packagers in doing so, by contributing as a reviewer on REVU.

Register as reviewer

What you need :

  • A ["GPGKey"]
  • Be a ["MOTU"]

Please send a signed and encrypted mail with your password and GnuPG keyid to keyring@tiber.tauware.de. We will mark you as Reviewer in the database.

Using REVU-Tools to review on REVU

See [:/REVU-Tools].

Feature Requests

please use [http://revu.tauware.de/cgi-bin/trac.cgi The revu-Development-Center] for feature requests and bug reports.


["CategoryMOTU"]

MOTU/Packages/REVU (last edited 2011-12-08 16:58:49 by static-50-53-26-176)