1. Jason R. Coombs
  2. PuTTY



Checklists for PuTTY administrative procedures

Locations of the licence

The PuTTY copyright notice and licence are stored in quite a few
places. At the start of a new year, the copyright year needs
updating in all of them; and when someone sends a massive patch,
their name needs adding in all of them too.

The LICENCE file in the main source distribution:

 - putty/LICENCE

The resource files:

 - putty/windows/pageant.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/windows/puttygen.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/windows/win_res.rc2
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/windows/version.rc2
    + the copyright date appears once only.
 - putty/unix/gtkdlg.c
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!

The documentation (both the preamble blurb and the licence appendix):

 - putty/doc/blurb.but
 - putty/doc/licence.but

The website:

 - putty-website/licence.html

Before tagging a release

 - First of all, go through the source (including the documentation),
   and the website, and review anything tagged with a comment
   containing the word XXX-REVIEW-BEFORE-RELEASE.
   (Any such comments should state clearly what needs to be done.)

 - Also, do some testing of the Windows version with Minefield, and
   of the Unix version with valgrind or efence or both. In
   particular, any headline features for the release should get a
   workout with memory checking enabled!

For a long time we got away with never checking the current version
number in at all - all version numbers were passed into the build
system on the compiler command line, and the _only_ place version
numbers showed up in the source files was in the tag information.

Unfortunately, those halcyon days are gone, and we do need the
version number checked in in a couple of places. These must be updated
_before_ tagging a new release.

The file used to generate the Unix snapshot version numbers (which
are <previousrelease>-<date> so that the Debian versioning system
orders them correctly with respect to releases):

 - putty/LATEST.VER

The Windows installer script (_four_ times, on consecutive lines):

 - putty/windows/putty.iss

The Windows resource file (used to generate the binary bit of the
VERSIONINFO resources -- the strings are supplied by the usual means):

 - putty/windows/version.rc2 (BASE_VERSION; NB, _comma_-separated)

It might also be worth going through the documentation looking for
version numbers - we have a couple of transcripts showing the help
text from the command-line tools, and it would be nice to ensure the
whole transcripts (certainly including the version numbers) are up
to date. Sometimes these are marked in between releases as `0.XX', so
it's worth grepping for that too.

 - putty/doc/pscp.but
 - putty/doc/plink.but
 - putty/doc/psftp.but (in case it ever acquires a similar thing)

The actual release procedure

This is the procedure I (SGT) currently follow (or _should_ follow
:-) when actually making a release, once I'm happy with the position
of the tag.

 - Double-check that we have removed anything tagged with a comment
   containing the words XXX-REMOVE-BEFORE-RELEASE or

 - Write a release announcement (basically a summary of the changes
   since the last release). Squirrel it away in
   atreus:src/putty/local/announce-<ver> in case it's needed again
   within days of the release going out.

 - Build the release: `bob putty-0.XX RELEASE=0.XX'. This should
   generate a basically valid release directory as
   `build.out/putty', and provide link maps and sign.sh alongside
   that in build.out.

 - Do a bit of checking that the release binaries basically work,
   report their version numbers accurately, and so on. Test the
   installer and the Unix source tarball.

 - Save the link maps. Currently I keep these on atreus, in

 - Sign the release: in the `build.out' directory, type `./sign.sh
   putty Releases', and enter the passphrases a lot of times.

 - Now the whole release directory should be present and correct.
   Upload it to atreus:www/putty/<ver>.

 - Do final checks on the release directory:
    + verify all the signatures:
      for i in `find . -name '*.*SA'`; do case $i in *sums*) gpg --verify $i;; *) gpg --verify $i ${i%%.?SA};; esac; done
    + check the checksum files:
      md5sum -c md5sums
      sha1sum -c sha1sums
      sha256sum -c sha256sums
      sha512sum -c sha512sums

 - Having double-checked the release, copy it from atreus to
   chiark:ftp/putty-<ver> and to the:www/putty/<ver>.

 - Check the permissions! Actually try downloading from the, to make
   sure it really works.

 - Update the HTTP redirects.
    + Update the one at the:www/putty/htaccess which points the
      virtual subdir `latest' at the actual latest release dir. TEST
      THIS ONE - it's quite important.
    + atreus:www/putty/.htaccess has an individual redirect for each
      version number. Add a new one.

 - Update the FTP symlink (chiark:ftp/putty-latest -> putty-<ver>).

 - Update web site.
   + Adjust front page to say 'The latest version is <ver>'.
   + Adjust front page to add a news item.
   + Adjust Download page to say 'The latest release version (<ver>)'.
   + Adjust Download page to update filenames of installer and Unix
     tarball (both in the hrefs themselves and the link text).
   + Check over the Download page and remove any mention of
     pre-releases, if there were any before this release. Comment out
     the big pre-release section at the top, and also adjust the
     sections about source archives at the bottom.
   + Adjust header text on Changelog page. (That includes changing
     `are new' in previous version to `were new'!)

 - Update the wishlist. This can be done without touching individual
   items by editing the @releases array in control/bugs2html.

 - Check the Docs page links correctly to the release docs. (It
   should do this automatically, owing to the `latest' HTTP

 - Check that the web server attaches the right content type to .HLP
   and .CNT files.

 - Run webupdate, so that all the changes on atreus propagate to
   chiark. Important to do this _before_ announcing that the release
   is available.

 - After running webupdate, run update-rsync on chiark and verify that
   the rsync mirror package (~/ftp/putty-website-mirror) contains a
   subdirectory for the new version and mentions it in its .htaccess.

 - Announce the release!
    + Construct a release announcement email whose message body is the
      announcement written above, and which includes the following
       * Reply-To: <putty@projects.tartarus.org>
       * Subject: PuTTY X.YZ is released
    + Mail that release announcement to
    + Post it to comp.security.ssh.
    + Mention it in <TDHTT> on mono.

 - Relax (slightly).

After the release

The following want doing some time soon after a release has been made:

 - If the release was made from a branch, make sure the version number
   on the _trunk_ is up to date in all the locations listed above, so
   that (e.g.) Unix snapshots come out right.