X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;h=4adee0b00da29910a0008d6aa549655e4d3a6383;hb=a34ae3cf97b43e0d200ff4e25b10fd6fad9494ad;hp=fa0a390cf08308c5ed2c57886845ec64e9a66d18;hpb=a455d2387d8ef592eca042366eed6247ab0d587d;p=debian%2Fdebian-policy.git

diff --git a/policy.sgml b/policy.sgml
index fa0a390..4adee0b 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -229,9 +229,8 @@
 	  <enumlist>
 	    <item>Russ Allbery</item>
 	    <item>Bill Allombert</item>
-	    <item>Andrew McMillan</item>
-	    <item>Manoj Srivastava</item>
-	    <item>Colin Watson</item>
+	    <item>Andreas Barth</item>
+	    <item>Jonathan Nieder</item>
 	  </enumlist>
         </p>
 
@@ -1746,11 +1745,14 @@ zope.
 
 	<p>
 	  The maintainer name and email address used in the changelog
-	  should be the details of the person uploading <em>this</em>
-	  version.  They are <em>not</em> necessarily those of the
-	  usual package maintainer.<footnote>
-	    If the developer uploading the package is not one of the usual
-	    maintainers of the package (as listed in
+	  should be the details of the person who prepared this release of
+	  the package.  They are <em>not</em> necessarily those of the
+	  uploader or usual package maintainer.<footnote>
+	    In the case of a sponsored upload, the uploader signs the
+	    files, but the changelog maintainer name and address are those
+	    of the person who prepared this release.  If the preparer of
+	    the release is not one of the usual maintainers of the package
+	    (as listed in
 	    the <qref id="f-Maintainer"><tt>Maintainer</tt></qref>
 	    or <qref id="f-Uploaders"><tt>Uploaders</tt></qref> control
 	    fields of the package), the first line of the changelog is
@@ -2556,7 +2558,9 @@ Package: libc6
 	  the field name is <tt>Package</tt> and the field value
 	  <tt>libc6</tt>.
 	</p>
-
+        <p> Empty field values are only permitted in source package control files
+	  (<file>debian/control</file>). Such fields are ignored.
+        </p>
 	<p>
 	  A paragraph must not contain more than one instance of a
 	  particular field name.
@@ -2699,6 +2703,7 @@ Package: libc6
 	  file. These tools are responsible for removing the line
 	  breaks from such fields when using fields from
 	  <file>debian/control</file> to generate other control files.
+	  They are also responsible for discarding empty fields.
 	</p>
 
 	<p>
@@ -3673,7 +3678,7 @@ Files:
 	  <p>
 	    The special value <tt>byhand</tt> for the section in a
 	    <tt>.changes</tt> file indicates that the file in question
-	    is not an ordinary package file and must by installed by
+	    is not an ordinary package file and must be installed by
 	    hand by the distribution maintainers.  If the section is
 	    <tt>byhand</tt> the priority should be <tt>-</tt>.
 	  </p>
@@ -6972,8 +6977,7 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
                   <footnote>
                     This is necessary in order to reserve the directories for
                     use in cross-installation of library packages from other
-                    architectures, as part of the planned deployment of
-                    <tt>multiarch</tt>.
+                    architectures, as part of <tt>multiarch</tt>.
                   </footnote>
                 </p>
                 <p>
@@ -7053,6 +7057,11 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
 		    kernel information.</footnote>
 		</p>
 	      </item>
+	      <item>
+                <p>
+                  The <file>/var/www</file> directory is additionally allowed. 
+                </p>
+	      </item>
 	      <item>
 		<p>
                   The requirement for <file>/usr/local/lib&lt;qual&gt;</file>
@@ -7343,6 +7352,35 @@ rmdir /usr/local/share/emacs 2>/dev/null || true
 	      </item>
 
 	      <tag>65535:</tag>
+	      <item>
+		<p>
+		  This value <em>must not</em> be used, because it was
+		  the error return sentinel value when <tt>uid_t</tt>
+		  was 16 bits.
+		</p>
+	      </item>
+
+	      <tag>65536-4294967293:</tag>
+	      <item>
+		<p>
+		  Dynamically allocated user accounts.  By
+		  default <prgn>adduser</prgn> will not allocate UIDs
+		  and GIDs in this range, to ease compatibility with
+		  legacy systems where <tt>uid_t</tt> is still 16
+		  bits.
+	        </p>
+	      </item>
+
+	      <tag>4294967294:</tag>
+	      <item>
+		<p>
+                  <tt>(uid_t)(-2) == (gid_t)(-2)</tt> <em>must not</em> be
+                  used, because it is used as the anonymous, unauthenticated
+                  user by some NFS implementations.
+		</p>
+	      </item>
+
+	      <tag>4294967295:</tag>
 	      <item>
 		<p>
 		  <tt>(uid_t)(-1) == (gid_t)(-1)</tt> <em>must
@@ -8466,7 +8504,17 @@ fi
 	  renamed.  If a consensus cannot be reached, <em>both</em>
 	  programs must be renamed.
 	</p>
-
+	<p>
+          Binary executables must not be statically linked with the GNU C
+          library, since this prevents the binary from benefiting from
+          fixes and improvements to the C library without being rebuilt
+          and complicates security updates.  This requirement may be
+          relaxed for binary executables whose intended purpose is to
+          diagnose and fix the system in situations where the GNU C
+          library may not be usable (such as system recovery shells or
+          utilities like ldconfig) or for binary executables where the
+          security benefits of static linking outweigh the drawbacks.
+	</p>
 	<p>
          By default, when a package is being built, any binaries
          created should include debugging information, as well as
@@ -8875,6 +8923,7 @@ fname () {
 	    would point to <file>/srv/run</file> rather than the intended
 	    target.
 	  </footnote>
+	  Symbolic links must not traverse above the root directory.
 	</p>
 
 	<p>
@@ -9773,7 +9822,7 @@ http://localhost/cgi-bin/.../<var>cgi-bin-name</var>
 		<package>doc-base</package> package.  If access to the
 		web document root is unavoidable then use
 		<example compact="compact">
-/var/www
+/var/www/html
 		</example>
 		as the Document Root.  This might be just a symbolic
 		link to the location where the system administrator