path: root/en_US.ISO8859-1/articles/committers-guide/article.xml

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
	"http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
<!ENTITY ga "Google Analytics">
]>

<article xmlns="http://docbook.org/ns/docbook"
  xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
  xml:lang="en">

  <info>
    <title>Committer's Guide</title>

    <author>
      <orgname>The &os; Documentation Project</orgname>
    </author>

    <copyright>
      <year>1999</year>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2008</year>
      <year>2009</year>
      <year>2010</year>
      <year>2011</year>
      <year>2012</year>
      <year>2013</year>
      <year>2014</year>
      <year>2015</year>
      <year>2016</year>
      <year>2017</year>
      <year>2018</year>
      <year>2019</year>
      <year>2020</year>
      <holder>The &os; Documentation Project</holder>
    </copyright>

    <legalnotice xml:id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.coverity;
      &tm-attrib.ibm;
      &tm-attrib.intel;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>

    <pubdate>$FreeBSD$</pubdate>

    <releaseinfo>$FreeBSD$</releaseinfo>

    <abstract>
      <para>This document provides information for the &os;
	committer community.  All new committers should read this
	document before they start, and existing committers are
	strongly encouraged to review it from time to time.</para>

      <para>Almost all &os; developers have commit rights to one or
	more repositories.  However, a few developers do not, and some
	of the information here applies to them as well.  (For
	instance, some people only have rights to work with the
	Problem Report database).  Please see
	<xref linkend="non-committers"/> for more information.</para>

      <para>This document may also be of interest to members of the
	&os; community who want to learn more about how the project
	works.</para>
    </abstract>
  </info>

  <sect1 xml:id="admin">
    <title>Administrative Details</title>

    <informaltable frame="none" orient="port" pgwide="1">
      <tgroup cols="2">
	<colspec colwidth="20*"/>
	<colspec colwidth="80*"/>
	<tbody>
	  <row>
	    <entry><emphasis>Login Methods</emphasis></entry>
	    <entry>&man.ssh.1;, protocol 2 only</entry>
	  </row>

	  <row>
	    <entry><emphasis>Main Shell Host</emphasis></entry>
	    <entry><systemitem
		class="fqdomainname">freefall.FreeBSD.org</systemitem></entry>
	  </row>

	  <row>
	    <entry><emphasis>SMTP Host</emphasis></entry>
	    <entry>
	      <literal><systemitem
		class="fqdomainname">smtp.FreeBSD.org</systemitem>:587</literal>
	      (see also <xref linkend="smtp-setup"/>).</entry>
	  </row>

	  <row>
	    <entry><emphasis><literal>src/</literal> Subversion
		Root</emphasis></entry>
	    <entry><literal>svn+ssh://</literal><systemitem
		class="fqdomainname">repo.FreeBSD.org</systemitem><filename>/base</filename>
	      (see also <xref
		linkend="svn-getting-started-base-layout"/>).</entry>
	  </row>

	  <row>
	    <entry><emphasis><literal>doc/</literal> Subversion
		Root</emphasis></entry>
	    <entry><literal>svn+ssh://</literal><systemitem
		class="fqdomainname">repo.FreeBSD.org</systemitem><filename>/doc</filename>
	      (see also <xref
		linkend="svn-getting-started-doc-layout"/>).</entry>
	  </row>

	  <row>
	    <entry><emphasis><literal>ports/</literal> Subversion
		Root</emphasis></entry>

	    <entry><literal>svn+ssh://</literal><systemitem
		class="fqdomainname">repo.FreeBSD.org</systemitem><filename>/ports</filename>
	      (see also <xref
		linkend="svn-getting-started-ports-layout"/>).</entry>
	  </row>

	  <row>
	    <entry><emphasis>Internal Mailing Lists</emphasis></entry>
	    <entry>developers (technically called all-developers),
	      doc-developers, doc-committers, ports-developers,
	      ports-committers, src-developers, src-committers.  (Each
	      project repository has its own -developers and
	      -committers mailing lists.  Archives for these lists can
	      be found in the files
	      <filename>/local/mail/<replaceable>repository-name</replaceable>-developers-archive</filename>
	      and
	      <filename>/local/mail/<replaceable>repository-name</replaceable>-committers-archive</filename>
	      on the <systemitem
		class="fqdomainname">FreeBSD.org</systemitem>
	      cluster.)</entry>
	  </row>


	  <row>
	    <entry><emphasis>Core Team monthly
		reports</emphasis></entry>
	    <entry><filename>/home/core/public/monthly-reports</filename>
	      on the <systemitem
		class="fqdomainname">FreeBSD.org</systemitem>
	      cluster.</entry>
	  </row>

	  <row>
	    <entry><emphasis>Ports Management Team monthly
		reports</emphasis></entry>
	    <entry><filename>/home/portmgr/public/monthly-reports</filename>
	      on the <systemitem
		class="fqdomainname">FreeBSD.org</systemitem>
	      cluster.</entry>
	  </row>

	  <row>
	    <entry><emphasis>Noteworthy <literal>src/</literal> SVN
		Branches</emphasis></entry>
	    <entry>
	      <literal>stable/</literal><replaceable>n</replaceable>
	      (<replaceable>n</replaceable>-STABLE),
	      <literal>head</literal> (-CURRENT)</entry>
	  </row>
	</tbody>
      </tgroup>
    </informaltable>

    <para>&man.ssh.1; is required to connect to the project hosts.
      For more information, see <xref linkend="ssh.guide"/>.</para>

    <para>Useful links:</para>

    <itemizedlist>
      <listitem>
	<para><link xlink:href="&url.base;/internal/">&os;
	    Project Internal Pages</link></para>
      </listitem>

      <listitem>
	<para><link
	    xlink:href="&url.base;/internal/machines.html">&os;
	    Project Hosts</link></para>
      </listitem>

      <listitem>
	<para><link xlink:href="&url.base;/administration.html">&os;
	    Project Administrative Groups</link></para>
      </listitem>
    </itemizedlist>
  </sect1>

  <sect1 xml:id="pgpkeys">
    <title>Open<acronym>PGP</acronym> Keys for &os;</title>

    <para>Cryptographic keys conforming to the
      Open<acronym>PGP</acronym> (<emphasis>Pretty Good
      Privacy</emphasis>) standard are used by the &os; project to
      authenticate committers.  Messages carrying important
      information like public <acronym>SSH</acronym> keys can be
      signed with the Open<acronym>PGP</acronym> key to prove that
      they are really from the committer.  See
      <link xlink:href="http://www.nostarch.com/pgp_ml.htm">PGP &amp;
	GPG: Email for the Practical Paranoid by Michael Lucas</link>
      and <link
	xlink:href="http://en.wikipedia.org/wiki/Pretty_Good_Privacy"></link>
      for more information.</para>

    <sect2 xml:id="pgpkeys-creating">
      <title>Creating a Key</title>

      <para>Existing keys can be used, but should be checked with
	<filename>doc/head/share/pgpkeys/checkkey.sh</filename>
	first.  In this case, make sure the key has a &os; user
	ID.</para>

      <para>For those who do not yet have an
	Open<acronym>PGP</acronym> key, or need a new key to meet &os;
	security requirements, here we show how to generate
	one.</para>

      <procedure xml:id="pgpkeys-create-steps">

	<step>
	  <para>Install
	    <filename role="package">security/gnupg</filename>.  Enter
	    these lines in <filename>~/.gnupg/gpg.conf</filename> to
	    set minimum acceptable defaults:</para>

	  <programlisting>fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
cert-digest-algo SHA512</programlisting>
	</step>

	<step>
	  <para>Generate a key:</para>

	  <screen>&prompt.user; <userinput>gpg --full-gen-key</userinput>
gpg (GnuPG) 2.1.8; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Warning: using insecure memory!
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? <userinput>1</userinput>
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) <userinput>2048</userinput>  <co xml:id="co-pgp-bits"/>
Requested keysize is 2048 bits
Please specify how long the key should be valid.
	 0 = key does not expire
      &lt;n&gt;  = key expires in n days
      &lt;n&gt;w = key expires in n weeks
      &lt;n&gt;m = key expires in n months
      &lt;n&gt;y = key expires in n years
Key is valid for? (0) <userinput>3y</userinput>  <co xml:id="co-pgp-expire"/>
Key expires at Wed Nov  4 17:20:20 2015 MST
Is this correct? (y/N) <userinput>y</userinput>

GnuPG needs to construct a user ID to identify your key.

Real name: <userinput><replaceable>Chucky Daemon</replaceable></userinput> <co xml:id="co-pgp-realname"/>
Email address: <userinput><replaceable>notreal@example.com</replaceable></userinput>
Comment:
You selected this USER-ID:
    "<replaceable>Chucky Daemon &lt;notreal@example.com&gt;</replaceable>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <userinput>o</userinput>
You need a Passphrase to protect your secret key.</screen>

	  <calloutlist>
	    <callout arearefs="co-pgp-bits">
	      <para>2048-bit keys with a three-year expiration provide
		adequate protection at present (2013-12).  <link
		  xlink:href="http://danielpocock.com/rsa-key-sizes-2048-or-4096-bits"/>
		describes the situation in more detail.</para>
	    </callout>

	    <callout arearefs="co-pgp-expire">
	      <para>A three year key lifespan is short enough to
		obsolete keys weakened by advancing computer power,
		but long enough to reduce key management
		problems.</para>
	    </callout>

	    <callout arearefs="co-pgp-realname">
	      <para>Use your real name here, preferably matching that
		shown on government-issued <acronym>ID</acronym> to
		make it easier for others to verify your identity.
		Text that may help others identify you can be entered
		in the <literal>Comment</literal> section.</para>
	    </callout>
	  </calloutlist>

	  <para>After the email address is entered, a passphrase is
	    requested.  Methods of creating a secure passphrase are
	    contentious.  Rather than suggest a single way, here are
	    some links to sites that describe various methods: <link
	      xlink:href="http://world.std.com/~reinhold/diceware.html"></link>,
	    <link
	      xlink:href="http://www.iusmentis.com/security/passphrasefaq/"></link>,
	    <link xlink:href="http://xkcd.com/936/"></link>,
	    <link
	      xlink:href="http://en.wikipedia.org/wiki/Passphrase"></link>.</para>
	</step>
      </procedure>

      <para>Protect the private key and passphrase.  If either the
	private key or passphrase may have been compromised or
	disclosed, immediately notify
	<email>accounts@FreeBSD.org</email> and revoke the key.</para>

      <para>Committing the new key is shown in
	<xref linkend="commit-steps"/>.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="kerberos-ldap">
    <title>Kerberos and LDAP web Password for &os; Cluster</title>

    <para>The &os; cluster requires a Kerberos password to access
      certain services.  The Kerberos password also serves as the
      LDAP web password, since LDAP is proxying to Kerberos in the
      cluster.  Some of the services
      which require this include:</para>

    <itemizedlist>
      <listitem>
	<para><link
	    xlink:href="https://bugs.freebsd.org/bugzilla">Bugzilla</link></para>
      </listitem>
      <listitem>
	<para><link
	    xlink:href="https://ci.freebsd.org">Jenkins</link></para>
      </listitem>
    </itemizedlist>

    <para>To create a new Kerberos account in the &os; cluster, or to
      reset a Kerberos password for an existing account using a random
      password generator:</para>

    <screen>&prompt.user; <userinput>ssh kpasswd.freebsd.org</userinput></screen>

    <note>
      <para>This must be done from a machine outside of the &os;.org
	cluster.</para>
    </note>

    <para>A Kerberos password can also be set manually
      by logging into <systemitem
	class="fqdomainname">freefall.FreeBSD.org</systemitem> and
      running:</para>

    <screen>&prompt.user; <userinput>kpasswd</userinput></screen>

    <note>
      <para>Unless the Kerberos-authenticated services
	of the &os;.org cluster have been used previously,
	<errorname>Client unknown</errorname> will be shown.  This
	error means that the
	<command>ssh kpasswd.freebsd.org</command> method shown above
	must be used first to initialize the Kerberos account.</para>
    </note>

  </sect1>

  <sect1 xml:id="committer.types">
    <title>Commit Bit Types</title>

    <para>The &os; repository has a number of components which, when
      combined, support the basic operating system source,
      documentation, third party application ports infrastructure, and
      various maintained utilities.  When &os; commit bits are
      allocated, the areas of the tree where the bit may be used are
      specified.  Generally, the areas associated with a bit reflect
      who authorized the allocation of the commit bit.  Additional
      areas of authority may be added at a later date: when this
      occurs, the committer should follow normal commit bit allocation
      procedures for that area of the tree, seeking approval from the
      appropriate entity and possibly getting a mentor for that area
      for some period of time.</para>

    <informaltable frame="none" pgwide="1">
      <tgroup cols="3">
	<tbody>
	  <row>
	    <entry><emphasis>Committer Type</emphasis></entry>
	    <entry><emphasis>Responsible</emphasis></entry>
	    <entry><emphasis>Tree Components</emphasis></entry>
	  </row>

	  <row>
	    <entry>src</entry>
	    <entry>core@</entry>
	    <entry>src/, doc/ subject to appropriate review</entry>
	  </row>

	  <row>
	    <entry>doc</entry>
	    <entry>doceng@</entry>
	    <entry>doc/, ports/, src/ documentation</entry>
	  </row>

	  <row>
	    <entry>ports</entry>
	    <entry>portmgr@</entry>
	    <entry>ports/</entry>
	  </row>
	</tbody>
      </tgroup>
    </informaltable>

    <para>Commit bits allocated prior to the development of the notion
      of areas of authority may be appropriate for use in many parts
      of the tree.  However, common sense dictates that a committer
      who has not previously worked in an area of the tree seek review
      prior to committing, seek approval from the appropriate
      responsible party, and/or work with a mentor.  Since the rules
      regarding code maintenance differ by area of the tree, this is
      as much for the benefit of the committer working in an area of
      less familiarity as it is for others working on the tree.</para>

    <para>Committers are encouraged to seek review for their work as
      part of the normal development process, regardless of the area
      of the tree where the work is occurring.</para>

    <sect2>
      <title>Policy for Committer Activity in Other Trees</title>

      <itemizedlist>
	<listitem>
	  <para>All committers may modify
	    <filename>base/head/share/misc/committers-*.dot</filename>,
	    <filename>base/head/usr.bin/calendar/calendars/calendar.freebsd</filename>,
	    and
	    <filename>ports/head/astro/xearth/files</filename>.</para>
	</listitem>

	<listitem>
	  <para>doc committers may commit
	    documentation changes to <filename>src</filename>
	    files, such as man pages, READMEs, fortune databases,
	    calendar files, and comment fixes without approval from a
	    src committer, subject to the normal care and tending of
	    commits.</para>
	</listitem>

	<listitem>
	  <para>Any committer may make changes to any other tree
	    with an "Approved by" from a non-mentored committer with
	    the appropriate bit.</para>
	</listitem>

	<listitem>
	  <para>Committers can acquire an additional bit by the usual
	    process of finding a mentor who will propose them to core,
	    doceng, or portmgr, as appropriate.  When approved, they
	    will be added to 'access' and the normal mentoring period
	    will ensue, which will involve a continuing of
	    <quote>Approved by</quote> for some period.</para>
	</listitem>

	<listitem>
	  <para>"Approved by" is only acceptable from non-mentored src
	    committers -- mentored committers can provide a "Reviewed
	    by" but not an "Approved by".</para>
	</listitem>
      </itemizedlist>
    </sect2>
  </sect1>

  <sect1 xml:id="subversion-primer">
    <title>Subversion Primer</title>

    <para>New committers are assumed to already be familiar with the
      basic operation of Subversion.  If not, start by reading the
      <link xlink:href="http://svnbook.red-bean.com/">Subversion
	Book</link>.</para>

    <sect2 xml:id="svn-intro">
      <title>Introduction</title>

      <para>The &os; source repository switched from
	<acronym>CVS</acronym> to Subversion on May 31st, 2008.  The
	first real <acronym>SVN</acronym> commit is
	<emphasis>r179447</emphasis>.</para>

      <para>The &os; <literal>doc/www</literal> repository switched
	from <acronym>CVS</acronym> to Subversion on May 19th, 2012.
	The first real <acronym>SVN</acronym> commit is
	<emphasis>r38821</emphasis>.</para>

      <para>The &os; <literal>ports</literal> repository switched
	from <acronym>CVS</acronym> to Subversion on July 14th, 2012.
	The first real <acronym>SVN</acronym> commit is
	<emphasis>r300894</emphasis>.</para>

      <para>Subversion can be installed from the &os; Ports
	Collection by issuing these commands:</para>

      <screen>&prompt.root; <userinput>pkg install subversion</userinput></screen>

    </sect2>

    <sect2 xml:id="svn-getting-started">
      <title>Getting Started</title>

      <para>There are a few ways to obtain a working copy of the tree
	from Subversion.  This section will explain them.</para>

      <sect3 xml:id="svn-getting-started-direct-checkout">
	<title>Direct Checkout</title>

	<para>The first is to check out directly from the main
	  repository.  For the <literal>src</literal> tree,
	  use:</para>

	<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/base/head /usr/src</userinput></screen>

	<para>For the <literal>doc</literal> tree, use:</para>

	<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/doc/head /usr/doc</userinput></screen>

	<para>For the <literal>ports</literal> tree, use:</para>

	<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/ports/head /usr/ports</userinput></screen>

	<note>
	  <para>Though the remaining examples in this document are
	    written with the workflow of working with the
	    <literal>src</literal> tree in mind, the underlying
	    concepts are the same for working with the
	    <literal>doc</literal> and the <literal>ports</literal>
	    tree.
	    Ports related Subversion operations are listed in
	    <xref linkend="ports"/>.</para>
	</note>

	<para>The above command will check out a
	  <literal>CURRENT</literal> source tree as
	  <filename><replaceable>/usr/src/</replaceable></filename>,
	  which can be any target directory on the local filesystem.
	  Omitting the final argument of that command causes the
	  working copy, in this case, to be named <quote>head</quote>,
	  but that can be renamed safely.</para>

	<para><literal>svn+ssh</literal> means the
	  <acronym>SVN</acronym> protocol tunnelled over
	  <acronym>SSH</acronym>.  The name of the server is
	  <literal>repo.freebsd.org</literal>, <literal>base</literal>
	  is the path to the repository, and <literal>head</literal>
	  is the subdirectory within the repository.</para>

	<para>If your &os; login name is different from the login
	  name used on the local machine, either include it in
	  the <acronym>URL</acronym> (for example
	  <literal>svn+ssh://jarjar@repo.freebsd.org/base/head</literal>),
	  or add an entry to <filename>~/.ssh/config</filename>
	  in the form:</para>

	<programlisting>Host repo.freebsd.org
	User jarjar</programlisting>

	<para>This is the simplest method, but it is hard to tell just
	  yet how much load it will place on the repository.</para>

	<note>
	  <para>The <command>svn diff</command> does not require
	    access to the server as <acronym>SVN</acronym> stores a
	    reference copy of every file in the working copy.  This,
	    however, means that Subversion working copies are very
	    large in size.</para>
	</note>
      </sect3>

      <sect3 xml:id="svn-getting-started-base-layout">
	<title><literal>RELENG_*</literal> Branches and General
	  Layout</title>

	<para>In <literal>svn+ssh://repo.freebsd.org/base</literal>,
	  <emphasis>base</emphasis> refers to the source tree.
	  Similarly, <emphasis>ports</emphasis> refers to the ports
	  tree, and so on.  These are separate repositories with their
	  own change number sequences, access controls and commit
	  mail.</para>

	<para>For the base repository, HEAD refers to the -CURRENT
	  tree.  For example, <filename>head/bin/ls</filename> is what
	  would go into <filename>/usr/src/bin/ls</filename> in a
	  release.  Some key locations are:</para>

	<itemizedlist>
	  <listitem>
	    <para><emphasis>/head/</emphasis> which corresponds to
	      <literal>HEAD</literal>, also known as
	      <literal>-CURRENT</literal>.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/stable/<replaceable>n</replaceable></emphasis>
	      which corresponds to
	      <literal>RELENG_<replaceable>n</replaceable></literal>.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/releng/<replaceable>n.n</replaceable></emphasis>
	      which corresponds to
	      <literal>RELENG_<replaceable>n_n</replaceable></literal>.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/release/<replaceable>n.n.n</replaceable></emphasis>
	      which corresponds to
	      <literal>RELENG_<replaceable>n_n_n</replaceable>_RELEASE</literal>.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/vendor*</emphasis> is the vendor branch
	      import work area.  This directory itself does not
	      contain branches, however its subdirectories do.  This
	      contrasts with the <emphasis>stable</emphasis>,
	      <emphasis>releng</emphasis> and
	      <emphasis>release</emphasis> directories.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/projects</emphasis> and
	      <emphasis>/user</emphasis> feature a branch work area.
	      As above, the
	      <emphasis>/user</emphasis> directory does not contain
	      branches itself.</para>
	  </listitem>
	</itemizedlist>
      </sect3>

      <sect3 xml:id="svn-getting-started-doc-layout">
	<title>&os; Documentation Project Branches and
	  Layout</title>

	<para>In <literal>svn+ssh://repo.freebsd.org/doc</literal>,
	  <emphasis>doc</emphasis> refers to the repository root of
	  the source tree.</para>

	<para>In general, most &os; Documentation Project work will be
	  done within the <filename>head/</filename> branch of the
	  documentation source tree.</para>

	<para>&os; documentation is written and/or translated to
	  various languages, each in a separate
	  directory in the <filename>head/</filename>
	  branch.</para>

	<para>Each translation set contains several subdirectories for
	  the various parts of the &os; Documentation Project.  A few
	  noteworthy directories are:</para>

	<itemizedlist>
	  <listitem>
	    <para><emphasis>/articles/</emphasis> contains the source
	      code for articles written by various &os;
	      contributors.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/books/</emphasis> contains the source
	      code for the different books, such as the
	      &os;&nbsp;Handbook.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/htdocs/</emphasis> contains the source
	      code for the &os;&nbsp;website.</para>
	  </listitem>
	</itemizedlist>
      </sect3>

      <sect3 xml:id="svn-getting-started-ports-layout">
	<title>&os; Ports Tree Branches and Layout</title>

	<para>In <literal>svn+ssh://repo.freebsd.org/ports</literal>,
	  <emphasis>ports</emphasis> refers to the repository root of
	  the ports tree.</para>

	<para>In general, most &os; port work will be done within the
	  <filename>head/</filename> branch of the ports tree which is
	  the actual ports tree used to install software.  Some other
	  key locations are:</para>

	<itemizedlist>
	  <listitem>
	    <para><emphasis>/branches/RELENG_<replaceable>n_n_n</replaceable></emphasis>
	      which corresponds to
	      <literal>RELENG_<replaceable>n_n_n</replaceable></literal>
	      is used to merge back security updates in preparation
	      for a release.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/tags/RELEASE_<replaceable>n_n_n</replaceable></emphasis>
	      which corresponds to
	      <literal>RELEASE_<replaceable>n_n_n</replaceable></literal>
	      represents a release tag of the ports tree.</para>
	  </listitem>

	  <listitem>
	    <para><emphasis>/tags/RELEASE_<replaceable>n</replaceable>_EOL</emphasis>
	      represents the end of life tag of a specific &os;
	      branch.</para>
	  </listitem>
	</itemizedlist>
      </sect3>
    </sect2>

    <sect2 xml:id="svn-daily-use">
      <title>Daily Use</title>

      <para>This section will explain how to perform common day-to-day
	operations with Subversion.</para>

      <sect3 xml:id="svn-daily-use-help">
	<title>Help</title>

	<para><acronym>SVN</acronym> has built in help documentation.
	  It can be accessed by typing:</para>

	<screen>&prompt.user; <userinput>svn help</userinput></screen>

	<para>Additional information can be found in the
	  <link xlink:href="http://svnbook.red-bean.com/">Subversion
	    Book</link>.</para>
      </sect3>

      <sect3 xml:id="svn-daily-use-checkout">
	<title>Checkout</title>

	<para>As seen earlier, to check out the &os; head
	  branch:</para>

	<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/base/head /usr/src</userinput></screen>

	<para>At some point, more than just <literal>HEAD</literal>
	  will probably be useful, for instance when merging changes
	  to stable/7.  Therefore, it may be useful to have a partial
	  checkout of the complete tree (a full checkout would be very
	  painful).</para>

	<para>To do this, first check out the root of the
	  repository:</para>

	<screen>&prompt.user; <userinput>svn checkout --depth=immediates svn+ssh://repo.freebsd.org/base</userinput></screen>

	<para>This will give <literal>base</literal> with all the
	  files it contains (at the time of writing, just
	  <filename>ROADMAP.txt</filename>) and empty subdirectories
	  for <literal>head</literal>, <literal>stable</literal>,
	  <literal>vendor</literal> and so on.</para>

	<para>Expanding the working copy is possible.  Just change the
	  depth of the various subdirectories:</para>

	<screen>&prompt.user; <userinput>svn up --set-depth=infinity base/head</userinput>
&prompt.user; <userinput>svn up --set-depth=immediates base/release base/releng base/stable</userinput></screen>

	<para>The above command will pull down a full copy of
	  <literal>head</literal>, plus empty copies of every
	  <literal>release</literal> tag, every
	  <literal>releng</literal> branch, and every
	  <literal>stable</literal> branch.</para>

	<para>If at a later date merging to
	  <literal>7-STABLE</literal> is required, expand the working
	  copy:</para>

	<screen>&prompt.user; <userinput>svn up --set-depth=infinity base/stable/7</userinput></screen>

	<para>Subtrees do not have to be expanded completely.  For
	  instance, expanding only <literal>stable/7/sys</literal> and
	  then later expand the rest of
	  <literal>stable/7</literal>:</para>

	<screen>&prompt.user; <userinput>svn up --set-depth=infinity base/stable/7/sys</userinput>
&prompt.user; <userinput>svn up --set-depth=infinity base/stable/7</userinput></screen>

	<para>Updating the tree with <command>svn update</command>
	  will only update what was previously asked for (in this
	  case, <literal>head</literal> and
	  <literal>stable/7</literal>; it will not pull down the whole
	  tree.</para>
      </sect3>

      <sect3 xml:id="svn-daily-use-anonymous-checkout">
	<title>Anonymous Checkout</title>

	<para>It is possible to anonymously check out the &os;
	  repository with Subversion.  This will give access to a
	  read-only tree that can be updated, but not committed back
	  to the main repository.  To do this, use:</para>

	<screen>&prompt.user; <userinput>svn co https://svn.FreeBSD.org/base/head /usr/src</userinput></screen>

	<para>More details on using Subversion this way can be found
	  in <link xlink:href="&url.books.handbook;/svn.html">Using
	    Subversion</link>.</para>
      </sect3>

      <sect3 xml:id="svn-daily-use-updating-the-tree">
	<title>Updating the Tree</title>

	<para>To update a working copy to either the latest revision,
	  or a specific revision:</para>

	<screen>&prompt.user; <userinput>svn update</userinput>
&prompt.user; <userinput>svn update -<replaceable>r12345</replaceable></userinput></screen>
      </sect3>

      <sect3 xml:id="svn-daily-use-status">
	<title>Status</title>

	<para>To view the local changes that have been made to the
	  working copy:</para>

	<screen>&prompt.user; <userinput>svn status</userinput></screen>

	<para>To show local changes and files that are out-of-date
	  do:</para>

	<screen>&prompt.user; <userinput>svn status --show-updates</userinput></screen>
      </sect3>

      <sect3 xml:id="svn-daily-use-editing-and-committing">
	<title>Editing and Committing</title>

	<para><acronym>SVN</acronym> does not need to
	  be told in advance about file editing.</para>

	<para>To commit all changes in
	  the current directory and all subdirectories:</para>

	<screen>&prompt.user; <userinput>svn commit</userinput></screen>

	<para>To commit all changes in, for example,
	  <filename><replaceable>lib/libfetch/</replaceable></filename>
	  and
	  <filename><replaceable>usr/bin/fetch/</replaceable></filename>
	  in a single operation:</para>

	<screen>&prompt.user; <userinput>svn commit <replaceable>lib/libfetch</replaceable> <replaceable>usr/bin/fetch</replaceable></userinput></screen>

	<para>There is also a commit wrapper for the ports tree to
	  handle the properties and sanity checking the
	  changes:</para>

	<screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/psvn commit</userinput></screen>
      </sect3>

      <sect3 xml:id="svn-daily-use-adding-and-removing">
	<title>Adding and Removing Files</title>

	<note>
	  <para>Before adding files, get a copy of <link
	      xlink:href="https://people.FreeBSD.org/~peter/auto-props.txt">auto-props.txt</link>
	    (there is also a <link
	      xlink:href="https://people.FreeBSD.org/~beat/cvs2svn/auto-props.txt">
	      ports tree specific version</link>) and add it to
	    <filename>~/.subversion/config</filename> according to the
	    instructions in the file.  If you added something before
	    reading this, use <command>svn rm --keep-local</command>
	    for just added files, fix your config file and re-add them
	    again.  The initial config file is created when you first
	    run a svn command, even something as simple as
	    <command>svn help</command>.</para>
	</note>

	<para>Files are added to a
	  <acronym>SVN</acronym> repository with <command>svn
	    add</command>.  To add a file named
	  <emphasis>foo</emphasis>, edit it, then:</para>

	<screen>&prompt.user; <userinput>svn add <replaceable>foo</replaceable></userinput></screen>

	<note>
	  <para>Most new source files should include a
	    <literal>&dollar;&os;&dollar;</literal> string near the
	    start of the file.  On commit, <command>svn</command> will
	    expand the <literal>&dollar;&os;&dollar;</literal> string,
	    adding the file path, revision number, date and time of
	    commit, and the username of the committer.  Files which
	    cannot be modified may be committed without the
	    <literal>&dollar;&os;&dollar;</literal> string.</para>
	</note>

	<para>Files can be removed with <command>svn
	    remove</command>:</para>

	<screen>&prompt.user; <userinput>svn remove <replaceable>foo</replaceable></userinput></screen>

	<para>Subversion does not require deleting the file before
	  using <command>svn rm</command>, and indeed complains if
	  that happens.</para>

	<para>It is possible to add directories with
	  <command>svn add</command>:</para>

	<screen>&prompt.user; <userinput>mkdir <replaceable>bar</replaceable></userinput>
&prompt.user; <userinput>svn add <replaceable>bar</replaceable></userinput></screen>

	<para>Although <command>svn mkdir</command> makes this easier
	  by combining the creation of the directory and the adding of
	  it:</para>

	<screen>&prompt.user; <userinput>svn mkdir <replaceable>bar</replaceable></userinput></screen>

	<para>Like files, directories are removed with
	  <command>svn rm</command>.  There is no separate command
	  specifically for removing directories.</para>

	<screen>&prompt.user; <userinput>svn rm <replaceable>bar</replaceable></userinput></screen>
      </sect3>

      <sect3 xml:id="svn-daily-use-copying-and-moving">
	<title>Copying and Moving Files</title>

	<para>This command creates a copy of
	  <filename>foo.c</filename> named <filename>bar.c</filename>,
	  with the new file also under version control and with the
	  full history of <filename>foo.c</filename>:</para>

	<screen>&prompt.user; <userinput>svn copy <replaceable>foo.c</replaceable> <replaceable>bar.c</replaceable></userinput></screen>

	<para>This is usually preferred to copying the file with
	  <command>cp</command> and adding it to the repository with
	  <command>svn add</command> because this way the new file
	  does not inherit the original one's history.</para>

	<para>To move and rename a file:</para>

	<screen>&prompt.user; <userinput>svn move <replaceable>foo.c</replaceable> <replaceable>bar.c</replaceable></userinput></screen>
      </sect3>

      <sect3 xml:id="svn-daily-use-log-and-annotate">
	<title>Log and Annotate</title>

	<para><command>svn log</command> shows revisions and commit
	  messages, most recent first, for files or directories.  When
	  used on a directory, all revisions that affected the
	  directory and files within that directory are shown.</para>

	<para><command>svn annotate</command>, or equally <command>svn
	    praise</command> or <command>svn blame</command>, shows
	  the most recent revision number and who committed that
	  revision for each line of a file.</para>
      </sect3>

      <sect3 xml:id="svn-daily-use-diffs">
	<title>Diffs</title>

	<para><command>svn diff</command> displays changes to the
	  working copy.  Diffs generated by <acronym>SVN</acronym> are
	  unified and include new files by default in the diff
	  output.</para>

	<para><command>svn diff</command> can show the changes between
	  two revisions of the same file:</para>

	<screen>&prompt.user; <userinput>svn diff -r179453:179454 ROADMAP.txt</userinput></screen>

	<para>It can also show all changes for a specific changeset.
	  This command shows what changes were made to the
	  current directory and all subdirectories in changeset
	  179454:</para>

	<screen>&prompt.user; <userinput>svn diff -c179454 .</userinput></screen>
      </sect3>

      <sect3 xml:id="svn-daily-use-reverting">
	<title>Reverting</title>

	<para>Local changes (including additions and deletions) can be
	  reverted using <command>svn revert</command>.  It does not
	  update out-of-date files, but just replaces them with
	  pristine copies of the original version.</para>
      </sect3>

      <sect3 xml:id="svn-daily-use-conflicts">
	<title>Conflicts</title>

	<para>If an <command>svn update</command> resulted in a merge
	  conflict, Subversion will remember which files have
	  conflicts and refuse to commit any changes to those files
	  until explicitly told that the conflicts have been resolved.
	  The simple, not yet deprecated procedure is:</para>

	<screen>&prompt.user; <userinput>svn resolved <replaceable>foo</replaceable></userinput></screen>

	<para>However, the preferred procedure is:</para>

	<screen>&prompt.user; <userinput>svn resolve --accept=working <replaceable>foo</replaceable></userinput></screen>

	<para>The two examples are equivalent.  Possible values for
	  <literal>--accept</literal> are:</para>

	<itemizedlist>
	  <listitem>
	    <para><literal>working</literal>: use the version in your
	      working directory (which one presumes has been edited to
	      resolve the conflicts).</para>
	  </listitem>

	  <listitem>
	    <para><literal>base</literal>: use a pristine copy of the
	      version you had before <command>svn update</command>,
	      discarding your own changes, the conflicting changes,
	      and possibly other intervening changes as well.</para>
	  </listitem>

	  <listitem>
	    <para><literal>mine-full</literal>: use what you had
	      before <command>svn update</command>, including your own
	      changes, but discarding the conflicting changes, and
	      possibly other intervening changes as well.</para>
	  </listitem>

	  <listitem>
	    <para><literal>theirs-full</literal>: use the version that
	      was retrieved when you did
	      <command>svn update</command>, discarding your own
	      changes.</para>
	  </listitem>
	</itemizedlist>
      </sect3>
    </sect2>

    <sect2>
      <title>Advanced Use</title>

      <sect3 xml:id="svn-advanced-use-sparse-checkouts">
	<title>Sparse Checkouts</title>

	<para><acronym>SVN</acronym> allows
	  <emphasis>sparse</emphasis>, or partial checkouts of a
	  directory by adding <option>--depth</option> to a
	  <command>svn checkout</command>.</para>

	<para>Valid arguments to <option>--depth</option>
	  are:</para>

	<itemizedlist>
	  <listitem>
	    <para><literal>empty</literal>: the directory itself
	      without any of its contents.</para>
	  </listitem>

	  <listitem>
	    <para><literal>files</literal>: the directory and any
	      files it contains.</para>
	  </listitem>

	  <listitem>
	    <para><literal>immediates</literal>: the directory and any
	      files and directories it contains, but none of the
	      subdirectories' contents.</para>
	  </listitem>

	  <listitem>
	    <para><literal>infinity</literal>: anything.</para>
	  </listitem>
	</itemizedlist>

	<para>The <literal>--depth</literal> option applies to many
	  other commands, including <command>svn commit</command>,
	  <command>svn revert</command>, and <command>svn
	    diff</command>.</para>

	<para>Since <literal>--depth</literal> is sticky, there is a
	  <literal>--set-depth</literal> option for <command>svn
	    update</command> that will change the selected depth.
	  Thus, given the working copy produced by the previous
	  example:</para>

	<screen>&prompt.user; <userinput>cd <replaceable>~/freebsd</replaceable></userinput>
&prompt.user; <userinput>svn update --set-depth=immediates .</userinput></screen>

	<para>The above command will populate the working copy in
	  <replaceable>~/freebsd</replaceable> with
	  <filename>ROADMAP.txt</filename> and empty subdirectories,
	  and nothing will happen when <command>svn update</command>
	  is executed on the subdirectories.  However, this
	  command will set the depth for
	  <replaceable>head</replaceable> (in this case) to infinity,
	  and fully populate it:</para>

	<screen>&prompt.user; <userinput>svn update --set-depth=infinity <replaceable>head</replaceable></userinput></screen>
      </sect3>

      <sect3 xml:id="svn-advanced-use-direct-operation">
	<title>Direct Operation</title>

	<para>Certain operations can be performed directly on the
	  repository without touching the working copy.  Specifically,
	  this applies to any operation that does not require editing
	  a file, including:</para>

	<itemizedlist>
	  <listitem>
	    <para><literal>log</literal>,
	      <literal>diff</literal></para>
	  </listitem>

	  <listitem>
	    <para><literal>mkdir</literal></para>
	  </listitem>

	  <listitem>
	    <para><literal>remove</literal>, <literal>copy</literal>,
	      <literal>rename</literal></para>
	  </listitem>

	  <listitem>
	    <para><literal>propset</literal>,
	      <literal>propedit</literal>,
	      <literal>propdel</literal></para>
	  </listitem>

	  <listitem>
	    <para><literal>merge</literal></para>
	  </listitem>
	</itemizedlist>

	<para>Branching is very fast.  This command would be
	  used to branch <literal>RELENG_8</literal>:</para>

	<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/head svn+ssh://repo.freebsd.org/base/stable/8</userinput></screen>

	<para>This is equivalent to these commands
	  which take minutes and hours as opposed to seconds,
	  depending on your network connection:</para>

	<screen>&prompt.user; <userinput>svn checkout --depth=immediates svn+ssh://repo.freebsd.org/base</userinput>
&prompt.user; <userinput>cd base</userinput>
&prompt.user; <userinput>svn update --set-depth=infinity head</userinput>
&prompt.user; <userinput>svn copy head stable/8</userinput>
&prompt.user; <userinput>svn commit stable/8</userinput></screen>
      </sect3>

      <sect3 xml:id="svn-advanced-use-merging">
	<title>Merging with <acronym>SVN</acronym></title>

	<para>This section deals with merging code from one branch to
	  another (typically, from head to a stable branch).</para>

	<note>
	  <para>In all examples below, <literal>&dollar;FSVN</literal>
	    refers to the location of the &os; Subversion repository,
	    <literal>svn+ssh://repo.freebsd.org/base/</literal>.</para>
	</note>

	<sect4>
	  <title>About Merge Tracking</title>

	  <para>From the user's perspective, merge tracking
	    information (or mergeinfo) is stored in a property called
	    <literal>svn:mergeinfo</literal>, which is a
	    comma-separated list of revisions and ranges of revisions
	    that have been merged.  When set on a file, it applies
	    only to that file.  When set on a directory, it applies to
	    that directory and its descendants (files and directories)
	    except for those that have their own
	    <literal>svn:mergeinfo</literal>.</para>

	  <para>It is <emphasis>not</emphasis> inherited.  For
	    instance, <filename>stable/6/contrib/openpam/</filename>
	    does not implicitly inherit mergeinfo from
	    <filename>stable/6/</filename>, or
	    <filename>stable/6/contrib/</filename>.
	    Doing so would make partial checkouts very hard to manage.
	    Instead, mergeinfo is explicitly propagated down the tree.
	    For merging something into
	    <filename>branch/foo/bar/</filename>,
	    these rules apply:</para>

	  <orderedlist>
	    <listitem>
	      <para>If
		<filename>branch/foo/bar/</filename>
		does not already have a mergeinfo record, but a direct
		ancestor (for instance,
		<filename>branch/foo/</filename>)
		does, then that record will be propagated down to
		<filename>branch/foo/bar/</filename>
		before information about the current merge is
		recorded.</para>
	    </listitem>

	    <listitem>
	      <para>Information about the current merge will
		<emphasis>not</emphasis> be propagated back up that
		ancestor.</para>
	    </listitem>

	    <listitem>
	      <para>If a direct descendant of
		<filename>branch/foo/bar/</filename> (for instance,
		<filename>branch/foo/bar/baz/</filename>) already has
		a mergeinfo record, information about the current
		merge will be propagated down to it.</para>
	    </listitem>
	  </orderedlist>

	  <para>If you consider the case where a revision changes
	    several separate parts of the tree (for example,
	    <filename>branch/foo/bar/</filename> and
	    <filename>branch/foo/quux/</filename>), but you only want
	    to merge some of it (for example,
	    <filename>branch/foo/bar/</filename>), you will see that
	    these rules make sense.  If mergeinfo was propagated up,
	    it would seem like that revision had also been merged to
	    <filename>branch/foo/quux/</filename>, when in fact it had
	    not been.</para>
	</sect4>

	<sect4 xml:id="merge-source">
	  <title>Selecting the Source and Target Branch
	    When Merging</title>

	  <para>Merging to <literal>stable/</literal> branches should
	    originate from <literal>head/</literal>.  For
	    example:</para>

	  <screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/head/ stable/<replaceable>11</replaceable>
&prompt.user; svn commit stable/<replaceable>11</replaceable></screen>

	  <para>Merges to <literal>releng/</literal> branches should
	    always originate from the corresponding
	    <literal>stable/</literal> branch.  For example:</para>

	  <screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/stable/<replaceable>11</replaceable>  releng/<replaceable>11.0</replaceable>
&prompt.user; svn commit releng/<replaceable>11.0</replaceable></screen>

	  <note>
	    <para>Committers are only permitted to commit to the
	      <literal>releng/</literal> branches during a release
	      cycle after receiving approval from the Release
	      Engineering Team, after which only the Security Officer
	      may commit to a <literal>releng/</literal> branch for
	      a Security Advisory or Errata Notice.</para>
	  </note>

	  <para>All merges are
	    merged to and committed from the root of the
	    branch.  All merges look like:</para>

	  <screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/head/ <replaceable>checkout</replaceable>
&prompt.user; svn commit <replaceable>checkout</replaceable></screen>

	  <para>Note that <replaceable>checkout</replaceable> must be
	    a complete checkout of the branch to which the merge
	    occurs.</para>

	  <screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/stable/<replaceable>10</replaceable> releng/<replaceable>10.0</replaceable></screen>
	</sect4>

	<sect4>
	  <title>Preparing the Merge Target</title>

	  <para>Due to the mergeinfo propagation issues described
	    earlier, it is very important to never merge changes
	    into a sparse working copy.  Always use a full
	    checkout of the branch being merged into.  For instance,
	    when merging from HEAD to 7, use a full checkout
	    of stable/7:</para>

	  <screen>&prompt.user; <userinput>cd stable/7</userinput>
&prompt.user; <userinput>svn up --set-depth=infinity</userinput></screen>

	  <para>The target directory must also be up-to-date and must
	    not contain any uncommitted changes or stray files.</para>
	</sect4>

	<sect4>
	  <title>Identifying Revisions</title>

	  <para>Identifying revisions to be merged is a must.  If the
	    target already has complete mergeinfo, ask
	    <acronym>SVN</acronym> for a list:</para>

	  <screen>&prompt.user; <userinput>cd stable/6/contrib/openpam</userinput>
&prompt.user; <userinput>svn mergeinfo --show-revs=eligible $FSVN/head/contrib/openpam</userinput></screen>

	  <para>If the target does not have complete mergeinfo, check
	    the log for the merge source.</para>
	</sect4>

	<sect4>
	  <title>Merging</title>

	  <para>Now, let us start merging!</para>

	  <sect5>
	    <title>The Principles</title>

	    <para>For example, To merge:</para>

	    <itemizedlist>
	      <listitem>
		<para>revision <literal>&dollar;R</literal></para>
	      </listitem>

	      <listitem>
		<para>in directory &dollar;target in stable branch
		  &dollar;B</para>
	      </listitem>

	      <listitem>
		<para>from directory &dollar;source in head</para>
	      </listitem>

	      <listitem>
		<para>&dollar;FSVN is
		  <literal>svn+ssh://repo.freebsd.org/base</literal></para>
	      </listitem>
	    </itemizedlist>

	    <para>Assuming that revisions &dollar;P and &dollar;Q have
	      already been merged, and that the current directory is
	      an up-to-date working copy of stable/&dollar;B, the
	      existing mergeinfo looks like this:</para>

	    <screen>&prompt.user; <userinput>svn propget svn:mergeinfo -R $target</userinput>
$target - /head/$source:$P,$Q</screen>

	    <para>Merging is done like so:</para>

	    <screen>&prompt.user; <userinput>svn merge -c$R $FSVN/head/$source $target</userinput></screen>

	    <para>Checking the results of this is possible with
	      <command>svn diff</command>.</para>

	    <para>The svn:mergeinfo now looks like:</para>

	    <screen>&prompt.user; <userinput>svn propget svn:mergeinfo -R $target</userinput>
$target - head/$source:$P,$Q,$R</screen>

	    <para>If the results are not exactly as shown, assistance
	      may be required before committing as mistakes may have
	      been made, or there may be something wrong with the
	      existing mergeinfo, or there may be a bug in
	      Subversion.</para>
	  </sect5>

	  <sect5>
	    <title>Practical Example</title>

	    <para>As a practical example, consider this
	      scenario.  The changes to <filename>netmap.4</filename>
	      in r238987 are to be merged from CURRENT to 9-STABLE.
	      The file resides in
	      <filename>head/share/man/man4</filename>.  According
	      to <xref linkend="svn-advanced-use-merging"/>, this is
	      also where to do the merge.  Note that in this example
	      all paths are relative to the top of the svn repository.
	      For more information on the directory layout, see <xref
		linkend="svn-getting-started-base-layout"/>.</para>

	    <para>The first step is to inspect the existing
	      mergeinfo.</para>

	    <screen>&prompt.user; <userinput>svn propget svn:mergeinfo -R stable/9/share/man/man4</userinput></screen>

	    <para>Take a quick note of how it looks before moving on
	      to the next step; doing the actual merge:</para>

	    <screen>&prompt.user; <userinput>svn merge -c r238987 svn+ssh://repo.freebsd.org/base/head/share/man/man4 stable/9/share/man/man4</userinput>
--- Merging r238987 into 'stable/9/share/man/man4':
U    stable/9/share/man/man4/netmap.4
--- Recording mergeinfo for merge of r238987 into
'stable/9/share/man/man4':
 U   stable/9/share/man/man4</screen>

	    <para>Check that the revision number of the merged
	      revision has been added.  Once this is verified, the
	      only thing left is the actual commit.</para>

	    <screen>&prompt.user; <userinput>svn commit stable/9/share/man/man4</userinput></screen>
	  </sect5>
	</sect4>

	<sect4>
	  <title>Precautions Before Committing</title>

	  <para>As always, build world (or appropriate parts of
	    it).</para>

	  <para>Check the changes with <command>svn diff</command> and
	    <command>svn stat</command>.  Make sure all the files that
	    should have been added or deleted were in fact added or
	    deleted.</para>

	  <para>Take a closer look at any property change (marked by a
	    <literal>M</literal> in the second column of <command>svn
	      stat</command>).  Normally, no svn:mergeinfo properties
	    should be anywhere except the target directory (or
	    directories).</para>

	  <para>If something looks fishy, ask for help.</para>
	</sect4>

	<sect4>
	  <title>Committing</title>

	  <para>Make sure to commit a top level directory to have the
	    mergeinfo included as well.  Do not specify individual
	    files on the command line.  For more information about
	    committing files in general, see the relevant section of
	    this primer.</para>
	</sect4>
      </sect3>

      <sect3 xml:id="svn-advanced-use-vendor-imports">
	<title>Vendor Imports with <acronym>SVN</acronym></title>

	<important>
	  <para>Please read this entire section before starting a
	    vendor import.</para>
	</important>

	<note>
	  <para>Patches to vendor code fall into two
	    categories:</para>

	  <itemizedlist>
	    <listitem>
	      <para>Vendor patches: these are patches that have been
		issued by the vendor, or that have been extracted from
		the vendor's version control system, which address
		issues which cannot wait until the
		next vendor release.</para>
	    </listitem>

	    <listitem>
	      <para>&os; patches: these are patches that modify the
		vendor code to address &os;-specific issues.</para>
	    </listitem>
	  </itemizedlist>

	  <para>The nature of a patch dictates where it should be
	    committed:</para>

	  <itemizedlist>
	    <listitem>
	      <para>Vendor patches must be committed to the vendor
		branch, and merged from there to head.  If the patch
		addresses an issue in a new release that is currently
		being imported, it <emphasis>must not</emphasis> be
		committed along with the new release: the release must
		be imported and tagged first, then the patch can be
		applied and committed.  There is no need to re-tag the
		vendor sources after committing the patch.</para>
	    </listitem>

	    <listitem>
	      <para>&os; patches are committed directly to
		head.</para>
	    </listitem>
	  </itemizedlist>
	</note>

	<sect4>
	  <title>Preparing the Tree</title>

	  <para>If importing for the first time after the switch to
	    Subversion, flattening and cleaning up the vendor tree is
	    necessary, as well as bootstrapping the merge history in
	    the main tree.</para>

	  <sect5>
	    <title>Flattening</title>

	    <para>During the conversion from <acronym>CVS</acronym> to
	      Subversion, vendor branches were imported with the same
	      layout as the main tree.  This means that the
	      <literal>pf</literal> vendor sources ended up in
	      <filename>vendor/pf/dist/contrib/pf</filename>.  The
	      vendor source is best directly in
	      <filename>vendor/pf/dist</filename>.</para>

	    <para>To flatten the <literal>pf</literal> tree:</para>

	    <screen>&prompt.user; <userinput>cd <replaceable>vendor/pf/dist/contrib/pf</replaceable></userinput>
&prompt.user; <userinput>svn mv $(svn list) ../..</userinput>
&prompt.user; <userinput>cd ../..</userinput>
&prompt.user; <userinput>svn rm contrib</userinput>
&prompt.user; <userinput>svn propdel -R svn:mergeinfo .</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>

	    <para>The <literal>propdel</literal> bit is necessary
	      because starting with 1.5, Subversion will automatically
	      add <literal>svn:mergeinfo</literal> to any directory
	      that is copied or moved.  In this case, as nothing is
	      being merged from the deleted tree, they just get in the
	      way.</para>

	    <para>Tags may be flattened as well (3, 4, 3.5 etc.); the
	      procedure is exactly the same, only changing
	      <literal>dist</literal> to <literal>3.5</literal> or
	      similar, and putting the <command>svn commit</command>
	      off until the end of the process.</para>
	  </sect5>

	  <sect5>
	    <title>Cleaning Up</title>

	    <para>The <literal>dist</literal> tree can be cleaned up
	      as necessary.  Disabling keyword expansion is
	      recommended, as it makes no sense on unmodified vendor
	      code and in some cases it can even be harmful.
	      <application>OpenSSH</application>, for example,
	      includes two files that originated with &os; and still
	      contain the original version tags.  To do this:</para>

	    <screen>&prompt.user; <userinput>svn propdel svn:keywords -R .</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
	  </sect5>

	  <sect5>
	    <title>Bootstrapping Merge History</title>

	    <para>If importing for the first time after the switch to
	      Subversion, bootstrap <literal>svn:mergeinfo</literal>
	      on the target directory in the main tree to the revision
	      that corresponds to the last related change to the
	      vendor tree, prior to importing new sources:</para>

	    <screen>&prompt.user; <userinput>cd <replaceable>head/contrib/pf</replaceable></userinput>
&prompt.user; <userinput>svn merge --record-only svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist@180876</replaceable> .</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
	  </sect5>
	</sect4>

	<sect4>
	  <title>Importing New Sources</title>

	  <para>With two commits&mdash;one for the import itself and
	    one for the tag&mdash;this step can optionally be repeated
	    for every upstream release between the last import and the
	    current import.</para>

	  <sect5>
	    <title>Preparing the Vendor Sources</title>

	    <para>Subversion is able to store a
	      full distribution in the vendor tree.  So, import
	      everything, but merge only what is required.</para>

	    <para>A <command>svn add</command> is required to add any
	      files that were added since the last vendor import, and
	      <command>svn rm</command> is required to remove any that
	      were removed since.  Preparing sorted lists of the
	      contents of the vendor tree and of the sources that are
	      about to be imported is recommended, to facilitate the
	      process.</para>

	    <screen>&prompt.user; <userinput>cd <replaceable>vendor/pf/dist</replaceable></userinput>
&prompt.user; <userinput>svn list -R | grep -v '/$' | sort &gt;../old</userinput>
&prompt.user; <userinput>cd <replaceable>../pf-4.3</replaceable></userinput>
&prompt.user; <userinput>find . -type f | cut -c 3- | sort &gt;../new</userinput></screen>

	    <para>With these two files,
	      <command>comm -23 ../old ../new</command> will list
	      removed files (files only in <filename>old</filename>),
	      while <command>comm -13 ../old ../new</command> will
	      list added files only in
	      <filename>new</filename>.</para>
	  </sect5>

	  <sect5>
	    <title>Importing into the Vendor Tree</title>

	    <para>Now, the sources must be copied into
	      <filename><replaceable>dist</replaceable></filename> and
	      the <command>svn add</command> and
	      <command>svn rm</command> commands are used as
	      needed:</para>

	    <screen>&prompt.user; <userinput>cd <replaceable>vendor/pf/pf-4.3</replaceable></userinput>
&prompt.user; <userinput>tar cf - . | tar xf - -C ../dist</userinput>
&prompt.user; <userinput>cd <replaceable>../dist</replaceable></userinput>
&prompt.user; <userinput>comm -23 ../old ../new | xargs svn rm</userinput>
&prompt.user; <userinput>comm -13 ../old ../new | xargs svn add --parents</userinput></screen>

	    <para>If any directories were removed, they will have to
	      be <command>svn rm</command>ed manually.  Nothing will
	      break if they are not, but they will remain in the
	      tree.</para>

	    <para>Check properties on any new files.  All text files
	      should have <literal>svn:eol-style</literal> set to
	      <literal>native</literal>.  All binary files should have
	      <literal>svn:mime-type</literal> set to
	      <literal>application/octet-stream</literal> unless there
	      is a more appropriate media type.  Executable files
	      should have <literal>svn:executable</literal> set to
	      <literal>*</literal>.  No other properties should exist
	      on any file in the tree.</para>

	    <para>Committing is now possible.  However, it is good
	      practice to make sure that everything is okay by using
	      the <command>svn stat</command> and
	      <command>svn diff</command> commands.</para>
	  </sect5>

	  <sect5>
	    <title>Tagging</title>

	    <para>Once committed, vendor releases are tagged for
	      future reference.  The best and quickest way to do this
	      is directly in the repository:</para>

	    <screen>&prompt.user; <userinput>svn cp svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist</replaceable> svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/4.3</replaceable></userinput></screen>

	    <para>Once that is complete, <command>svn up</command> the
	      working copy of
	      <filename><replaceable>vendor/pf</replaceable></filename>
	      to get the new tag, although this is rarely
	      needed.</para>

	    <para>If creating the tag in the working copy of the tree,
	      <command>svn:mergeinfo</command> results must be
	      removed:</para>

	    <screen>&prompt.user; <userinput>cd	<replaceable>vendor/pf</replaceable></userinput>
&prompt.user; <userinput>svn cp dist 4.3</userinput>
&prompt.user; <userinput>svn propdel svn:mergeinfo -R 4.3</userinput></screen>
	  </sect5>
	</sect4>

	<sect4>
	  <title>Merging to Head</title>

	  <screen>&prompt.user; <userinput>cd <replaceable>head/contrib/pf</replaceable></userinput>
&prompt.user; <userinput>svn up</userinput>
&prompt.user; <userinput>svn merge --accept=postpone svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist</replaceable> .</userinput></screen>

	  <para>The <literal>--accept=postpone</literal> tells
	    Subversion not to complain about merge
	    conflicts as they will be handled manually.</para>

	  <tip xml:id="svn-advanced-use-vendor-imports-pre-svn">
	    <para>The <command>cvs2svn</command> changeover occurred
	      on June 3, 2008.  When performing vendor merges for
	      packages which were already present and converted by the
	      <command>cvs2svn</command> process, the command used to
	      merge
	      <filename>/vendor/<replaceable>package_name</replaceable>/dist</filename>
	      to
	      <filename>/head/<replaceable>package_location</replaceable></filename>
	      (for example,
	      <filename>head/contrib/sendmail</filename>) must use
	      <option>-c <replaceable>REV</replaceable></option> to
	      indicate the revision to merge from the
	      <filename>/vendor</filename> tree.  For example:</para>

	    <screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/base/head/contrib/<replaceable>sendmail</replaceable></userinput>
&prompt.user; <userinput>cd sendmail</userinput>
&prompt.user; <userinput>svn merge -c r<replaceable>261190</replaceable> '^/vendor/<replaceable>sendmail/dist</replaceable>' .</userinput></screen>

	    <para><literal>^</literal> is an alias for the
	      repository path.</para>
	  </tip>

	  <note>
	    <para>If using the <application>Zsh</application> shell,
	      the <literal>^</literal> must be escaped with
	      <literal>\</literal> or quoted.</para>
	  </note>

	  <para>It is necessary to resolve any merge conflicts.</para>

	  <para>Make sure that any files that were added or removed in
	    the vendor tree have been properly added or removed in the
	    main tree.  To check diffs against the vendor
	    branch:</para>

	  <screen>&prompt.user; <userinput>svn diff --no-diff-deleted --old=svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist</replaceable> --new=.</userinput></screen>

	  <para>The <literal>--no-diff-deleted</literal> tells
	    Subversion not to complain about files that are in the
	    vendor tree but not in the main tree.  Things that
	    would have previously been removed before the vendor
	    import, like the vendor's makefiles
	    and configure scripts.</para>

	  <para>Using <acronym>CVS</acronym>, once a file was off the
	    vendor branch, it was not able to be put back.  With
	    Subversion, there is no concept of on or off the vendor
	    branch.  If a file that previously had local
	    modifications, to make it not show up in diffs in the
	    vendor tree, all that has to be done is remove any
	    left-over cruft like &os; version tags, which is much
	    easier.</para>

	  <para>If any changes are required for the world to build
	    with the new sources, make them now, and keep testing
	    until everything builds and runs perfectly.</para>
	</sect4>

	<sect4>
	  <title>Committing the Vendor Import</title>

	  <para>Committing is now possible!  Everything must be
	    committed in one go.  If done properly, the tree will move
	    from a consistent state with old code, to a consistent
	    state with new code.</para>
	</sect4>

	<sect4>
	  <title>From Scratch</title>

	  <sect5>
	    <title>Importing into the Vendor Tree</title>

	    <para>This section is an example of importing and tagging
	      <application>byacc</application> into
	      <filename>head</filename>.</para>

	    <para>First, prepare the directory in
	      <filename>vendor</filename>:</para>

	    <screen>&prompt.user; <userinput>svn co --depth immediates <replaceable>$FSVN/vendor</replaceable></userinput>
&prompt.user; <userinput>cd <replaceable>vendor</replaceable></userinput>
&prompt.user; <userinput>svn mkdir <replaceable>byacc</replaceable></userinput>
&prompt.user; <userinput>svn mkdir <replaceable>byacc/dist</replaceable></userinput></screen>

	    <para>Now, import the sources into the
	      <filename>dist</filename> directory.
	      Once the files are in place, <command>svn add</command>
	      the new ones, then <command>svn commit</command> and tag
	      the imported version.  To save time and bandwidth,
	      direct remote committing and tagging is possible:</para>

	    <screen>&prompt.user; <userinput>svn cp -m <replaceable>"Tag byacc 20120115"</replaceable> <replaceable>$FSVN/vendor/byacc/dist</replaceable> <replaceable>$FSVN/vendor/byacc/20120115</replaceable></userinput></screen>
	  </sect5>

	  <sect5>
	    <title>Merging to <literal>head</literal></title>

	    <para>Due to this being a new file, copy it for the
	      merge:</para>

	    <screen>&prompt.user; <userinput>svn cp -m <replaceable>"Import byacc to contrib"</replaceable> <replaceable>$FSVN/vendor/byacc/dist</replaceable> <replaceable>$FSVN/head/contrib/byacc</replaceable></userinput></screen>

	    <para>Working normally on newly imported sources is still
	      possible.</para>
	  </sect5>
	</sect4>
      </sect3>

      <sect3 xml:id="svn-advanced-use-reverting-a-commit">
	<title>Reverting a Commit</title>

	<para>Reverting a commit to a previous version is fairly
	  easy:</para>

	<screen>&prompt.user; <userinput>svn merge -r179454:179453 ROADMAP.txt</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>

	<para>Change number syntax, with negative meaning a reverse
	  change, can also be used:</para>

	<screen>&prompt.user; <userinput>svn merge -c -179454 ROADMAP.txt</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>

	<para>This can also be done directly in the repository:</para>

	<screen>&prompt.user; <userinput>svn merge -r179454:179453 svn+ssh://repo.freebsd.org/base/ROADMAP.txt</userinput></screen>

	<note>
	  <para>It is important to ensure that the mergeinfo
	    is correct when reverting a file to permit
	    <command>svn mergeinfo --eligible</command> to work as
	    expected.</para>
	</note>

	<para>Reverting the deletion of a file is slightly different.
	  Copying the version of the file that predates the deletion
	  is required.  For example, to restore a file that was
	  deleted in revision N, restore version N-1:</para>

	<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/ROADMAP.txt@179454</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>

	<para>or, equally:</para>

	<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/ROADMAP.txt@179454 svn+ssh://repo.freebsd.org/base</userinput></screen>

	<para>Do <emphasis>not</emphasis> simply recreate the file
	  manually and <command>svn add</command> it&mdash;this will
	  cause history to be lost.</para>
      </sect3>

      <sect3 xml:id="svn-advanced-use-fixing-mistakes">
	<title>Fixing Mistakes</title>

	<para>While we can do surgery in an emergency, do not plan on
	  having mistakes fixed behind the scenes.  Plan on mistakes
	  remaining in the logs forever.  Be sure to check the output
	  of <command>svn status</command> and <command>svn
	    diff</command> before committing.</para>

	<para>Mistakes will happen but,
	  they can generally be fixed without
	  disruption.</para>

	<para>Take a case of adding a file in the wrong location.  The
	  right thing to do is to <command>svn move</command> the file
	  to the correct location and commit.  This causes just a
	  couple of lines of metadata in the repository journal, and
	  the logs are all linked up correctly.</para>

	<para>The wrong thing to do is to delete the file and then
	  <command>svn add</command> an independent copy in the
	  correct location.  Instead of a couple of lines of text, the
	  repository journal grows an entire new copy of the file.
	  This is a waste.</para>
      </sect3>

      <sect3 xml:id="svn-getting-started-checkout-from-a-mirror">
	<title>Using a Subversion Mirror</title>

	<para>There is a serious disadvantage to this method: every
	  time something is to be committed, a
	  <command>svn relocate</command> to the main repository has
	  to be done, remembering to <command>svn relocate</command>
	  back to the mirror after the commit.  Also, since
	  <command>svn relocate</command> only works between
	  repositories that have the same UUID, some hacking of the
	  local repository's UUID has to occur before it is possible
	  to start using it.</para>

	<sect4 xml:id="svn-advanced-checkout-from-mirror">
	  <title>Checkout from a Mirror</title>

	  <para>Check out a working copy from a mirror by
	    substituting the mirror's <acronym>URL</acronym> for
	    <literal>svn+ssh://repo.freebsd.org/base</literal>.  This
	    can be an official mirror or a mirror maintained by using
	    <command>svnsync</command>.</para>
	</sect4>

	<sect4 xml:id="svn-advanced-use-setting-up-svnsync">
	  <title>Setting up a <application>svnsync</application>
	    Mirror</title>

	  <para>Avoid setting up a <application>svnsync</application>
	    mirror unless there is a very good reason for it.  Most
	    of the time a <command>git</command> mirror is a better
	    alternative.  Starting a fresh mirror from scratch takes
	    a long time.
	    Expect a minimum of 10 hours for high speed connectivity.
	    If international links are involved, expect this to take
	    four to ten times longer.</para>

	  <para>One way to limit the time required is to grab a <link
	      xlink:href="https://download.freebsd.org/ftp/development/subversion/">seed
	      file</link>.  It is large (~1GB) but will consume less
	    network traffic and take less time to fetch than svnsync
	    will.</para>

	  <para>Extract the file and update it:</para>

	  <screen>&prompt.user; <userinput>tar xf svnmirror-base-r261170.tar.xz</userinput>
&prompt.user; <userinput>svnsync sync file:///home/svnmirror/base</userinput></screen>

	  <para>Now, set that up to run from &man.cron.8;, do
	    checkouts locally, set up a svnserve server for local
	    machines to talk to, etc.</para>

	  <para>The seed mirror is set to fetch from
	    <literal>svn://svn.freebsd.org/base</literal>.  The
	    configuration for the mirror is stored in
	    <literal>revprop 0</literal> on the local mirror.  To see
	    the configuration, try:</para>

	  <screen>&prompt.user; <userinput>svn proplist -v --revprop -r 0 file:///home/svnmirror/base</userinput></screen>

	  <para>Use <literal>svn propset</literal> to change
	    things.</para>
	</sect4>
      </sect3>

      <sect3 xml:id="svn-advanced-use-committing-high-ascii-data">
	<title>Committing High-<acronym>ASCII</acronym> Data</title>

	<para>Files that have high-<acronym>ASCII</acronym> bits are
	  considered binary files in <acronym>SVN</acronym>, so the
	  pre-commit checks fail and indicate that the
	  <literal>mime-type</literal> property should be set to
	  <literal>application/octet-stream</literal>.  However, the
	  use of this is discouraged, so please do not set it.  The
	  best way is always avoiding high-<acronym>ASCII</acronym>
	  data, so that it can be read everywhere with any text editor
	  but if it is not avoidable, instead of changing the
	  mime-type, set the <literal>fbsd:notbinary</literal>
	  property with <literal>propset</literal>:</para>

	<screen>&prompt.user; <userinput>svn propset fbsd:notbinary yes foo.data</userinput></screen>
      </sect3>

      <sect3 xml:id="svn-advanced-use-maintaining-a-project-branch">
	<title>Maintaining a Project Branch</title>

	<para>A project branch is one that is synced to head (or
	  another branch) is used to develop a project then commit it
	  back to head.  In <acronym>SVN</acronym>,
	  <quote>dolphin</quote> branching is used for this.  A
	  <quote>dolphin</quote> branch is one that diverges for a
	  while and is finally committed back to the original branch.
	  During development code migration in one direction (from
	  head to the branch only).  No code is committed back to head
	  until the end.  After the branch is committed back at the
	  end, it is dead (although a new branch with the same name
	  can be created after the dead one is deleted).</para>

	<para>As per <link
	    xlink:href="https://people.FreeBSD.org/~peter/svn_notes.txt">https://people.FreeBSD.org/~peter/svn_notes.txt</link>,
	  work that is intended to be merged back into HEAD should be
	  in <filename>base/projects/</filename>.  If the
	  work is beneficial to the &os; community in some way
	  but not intended to be merged directly back into HEAD then
	  the proper location is
	  <filename>base/user/<replaceable>username</replaceable>/</filename>.
	  <link
	    xlink:href="https://svnweb.freebsd.org/base/projects/GUIDELINES.txt">This
	    page</link> contains further details.</para>

	<para>To create a project branch:</para>

	<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/head svn+ssh://repo.freebsd.org/base/projects/spif</userinput></screen>

	<para>To merge changes from HEAD back into the project
	  branch:</para>

	<screen>&prompt.user; <userinput>cd copy_of_spif</userinput>
&prompt.user; <userinput>svn merge svn+ssh://repo.freebsd.org/base/head</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>

	<para>It is important to resolve any merge conflicts before
	  committing.</para>
	<!--
	<para>To collapse everything back at the end:</para>

	<screen>&prompt.user; <userinput>svn write me</userinput></screen>

	-->
      </sect3>
    </sect2>

    <sect2>
      <title>Some Tips</title>

      <para>In commit logs etc., <quote>rev 179872</quote> is
	spelled <quote>r179872</quote> as per convention.</para>

      <para>Speeding up svn is possible by adding these entries to
	<filename>~/.ssh/config</filename>:</para>

      <screen>Host *
ControlPath ~/.ssh/sockets/master-%l-%r@%h:%p
ControlMaster auto
ControlPersist yes</screen>

      <para>and then typing</para>

      <screen><userinput>mkdir ~/.ssh/sockets</userinput></screen>

      <para>Checking out a working copy with a stock Subversion client
	without &os;-specific patches
	(<varname>OPTIONS_SET=FREEBSD_TEMPLATE</varname>) will mean
	that <literal>&dollar;FreeBSD&dollar;</literal> tags will not
	be expanded.  Once the correct version has been installed,
	trick Subversion into expanding them like so:</para>

      <screen>&prompt.user; <userinput>svn propdel -R svn:keywords .</userinput>
&prompt.user; <userinput>svn revert -R .</userinput></screen>

      <para>This will wipe out uncommitted patches.</para>

      <para>It is possible to automatically fill the "Sponsored by"
	and "MFC after" commit log fields by setting
	"freebsd-sponsored-by" and "freebsd-mfc-after" fields in the
	"[miscellany]" section of the
	<filename>~/.subversion/config</filename> configuration file.
	For example:</para>

      <programlisting>freebsd-sponsored-by = The FreeBSD Foundation
freebsd-mfc-after = 2 weeks</programlisting>
    </sect2>
  </sect1>

  <sect1 xml:id="conventions">
    <title>Setup, Conventions, and Traditions</title>

    <para>There are a number of things to do as a new developer.
      The first set of steps is specific to committers only.  These
      steps must be done by a mentor for those who are not
      committers.</para>

    <sect2 xml:id="conventions-committers">
      <title>For New Committers</title>

      <para>Those who have been given commit rights to the &os;
	repositories must follow these steps.</para>

      <itemizedlist xml:id="commit-notes">
	<listitem>
	  <para>Get mentor approval before committing each of these
	    changes!</para>
	</listitem>

	<listitem>
	  <para>The <filename>.ent</filename> and
	    <filename>.xml</filename> files mentioned below exist in
	    the &os; Documentation Project SVN repository at
	    <literal>svn+ssh://repo.FreeBSD.org/doc/</literal>.</para>
	</listitem>

	<listitem>
	  <para>New files that do not have the
	    <literal>FreeBSD=%H</literal>
	    <command>svn:keywords</command> property will be rejected
	    when attempting to commit them to the repository.  Be sure
	    to read
	    <xref linkend="svn-daily-use-adding-and-removing"/>
	    regarding adding and removing files.  Verify that
	    <filename>~/.subversion/config</filename> contains the
	    necessary <quote>auto-props</quote> entries from
	    <filename>auto-props.txt</filename> mentioned
	    there.</para>
	</listitem>

	<listitem>
	  <para>All <filename>src</filename> commits go to
	    &os.current; first before being merged to &os.stable;.
	    The &os.stable; branch must maintain
	    <acronym>ABI</acronym> and <acronym>API</acronym>
	    compatibility with earlier versions of that branch.  Do
	    not merge changes that break this compatibility.</para>
	</listitem>
      </itemizedlist>

      <procedure xml:id="commit-steps">
	<title>Steps for New Committers</title>

	<step>
	  <title>Add an Author Entity</title>

	  <para><filename>doc/head/share/xml/authors.ent</filename>
	    &mdash; Add an author entity.  Later steps depend on this
	    entity, and missing this step will cause the
	    <filename>doc/</filename> build to fail.  This is a
	    relatively easy task, but remains a good first test of
	    version control skills.</para>
	</step>

	<step>
	  <title>Update the List of Developers and
	    Contributors</title>

	  <para><filename>doc/head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml</filename>
	    &mdash;
	    Add an entry to the <quote>Developers</quote> section
	    of the <link
	      xlink:href="&url.articles.contributors;/staff-committers.html">Contributors
	      List</link>.  Entries are sorted by last name.</para>

	  <para><filename>doc/head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml</filename>
	    &mdash; <emphasis>Remove</emphasis> the entry from the
	    <quote>Additional Contributors</quote> section.  Entries
	    are sorted by first name.</para>
	</step>

	<step>
	  <title>Add a News Item</title>

	  <para><filename>doc/head/share/xml/news.xml</filename>
	    &mdash; Add an entry.  Look for the other entries that
	    announce new committers and follow the format.  Use the
	    date from the commit bit approval email from
	    <email>core@FreeBSD.org</email>.</para>
	</step>

	<step>
	  <title>Add a <acronym>PGP</acronym> Key</title>

	  <para><filename>doc/head/share/pgpkeys/pgpkeys.ent</filename>
	    and
	    <filename>doc/head/share/pgpkeys/pgpkeys-developers.xml</filename>
	    - Add your <acronym>PGP</acronym> or
	    Gnu<acronym>PG</acronym> key.  Those who do not yet have a
	    key should see <xref linkend="pgpkeys-creating"/>.</para>

	  <para>&a.des.email; has written a shell script
	    (<filename>doc/head/share/pgpkeys/addkey.sh</filename>) to
	    make this easier.  See the <link
	      xlink:href="http://svnweb.FreeBSD.org/doc/head/share/pgpkeys/README">README</link>
	    file for more information.</para>

	  <para>Use
	    <filename>doc/head/share/pgpkeys/checkkey.sh</filename> to
	    verify that keys meet minimal best-practices
	    standards.</para>

	  <para>After adding and checking a key, add both updated
	    files to source control and then commit them.  Entries in
	    this file are sorted by last name.</para>

	  <note>
	    <para>It is very important to have a current
	      <acronym>PGP</acronym>/Gnu<acronym>PG</acronym> key in
	      the repository.  The key may be required for positive
	      identification of a committer.  For example, the
	      &a.admins; might need it for account recovery.  A
	      complete keyring of <systemitem
		class="fqdomainname">FreeBSD.org</systemitem> users is
	      available for download from <link
		xlink:href="&url.base;/doc/pgpkeyring.txt">https://www.FreeBSD.org/doc/pgpkeyring.txt</link>.</para>
	  </note>
	</step>

	<step>
	  <title>Update Mentor and Mentee Information</title>

	  <para><filename>base/head/share/misc/committers-<replaceable>repository</replaceable>.dot</filename>
	    &mdash; Add an entry to the current committers section,
	    where <replaceable>repository</replaceable> is
	    <literal>doc</literal>, <literal>ports</literal>, or
	    <literal>src</literal>, depending on the commit privileges
	    granted.</para>

	  <para>Add an entry for each additional mentor/mentee
	    relationship in the bottom section.</para>
	</step>

	<step>
	  <title>Generate a <application>Kerberos</application>
	    Password</title>

	  <para>See <xref linkend="kerberos-ldap"/> to generate or
	    set a <application>Kerberos</application> for use with
	    other &os; services like the bug tracking database.</para>
	</step>

	<step>
	  <title>Optional: Enable Wiki Account</title>

	  <para><link xlink:href="https://wiki.freebsd.org">&os;
	      Wiki</link> Account &mdash; A wiki account allows
	    sharing projects and ideas.  Those who do not yet have an
	    account can follow instructions on the <link
	    xlink:href="https://wiki.freebsd.org/AboutWiki">AboutWiki
	    Page</link> to obtain one.  Contact
	    <email>wiki-admin@FreeBSD.org</email> if you need help
	    with your Wiki account.</para>
	</step>

	<step>
	  <title>Optional: Update Wiki Information</title>

	  <para>Wiki Information - After gaining access to the wiki,
	    some people add entries to the <link
	      xlink:href="https://wiki.freebsd.org/HowWeGotHere">How
	      We Got Here</link>, <link
	      xlink:href="https://wiki.freebsd.org/IRC/Nicknames">IRC
	      Nicks</link>, and <link
	      xlink:href="https://wiki.freebsd.org/Community/Dogs">
	      Dogs of FreeBSD</link> pages.</para>
	</step>

	<step>
	  <title>Optional: Update Ports with Personal
	    Information</title>

	  <para><filename>ports/astro/xearth/files/freebsd.committers.markers</filename>
	    and
	    <filename>src/usr.bin/calendar/calendars/calendar.freebsd</filename>
	    - Some people add entries for themselves to these files to
	    show where they are located or the date of their
	    birthday.</para>
	</step>

	<step>
	  <title>Optional: Prevent Duplicate Mailings</title>

	  <para>Subscribers to &a.svn-src-all.name;,
	    &a.svn-ports-all.name; or &a.svn-doc-all.name; might wish
	    to unsubscribe to avoid receiving duplicate copies of
	    commit messages and followups.</para>
	</step>
      </procedure>
    </sect2>

    <sect2 xml:id="conventions-everyone">
      <title>For Everyone</title>

      <procedure xml:id="conventions-everyone-steps">
	<step>
	  <para>Introduce yourself to the other developers, otherwise
	    no one will have any idea who you are or what you are
	    working on.  The introduction need not be a comprehensive
	    biography, just write a paragraph or two about who you
	    are, what you plan to be working on as a developer in
	    &os;, and who will be your mentor.  Email this to the
	    &a.developers; and you will be on your way!</para>
	</step>

	<step>
	  <para>Log into <systemitem>freefall.FreeBSD.org</systemitem>
	    and create a
	    <filename>/var/forward/<replaceable>user</replaceable></filename>
	    (where <replaceable>user</replaceable> is your username)
	    file containing the e-mail address where you want mail
	    addressed to
	    <replaceable>yourusername</replaceable>@FreeBSD.org to be
	    forwarded.  This includes all of the commit messages as
	    well as any other mail addressed to the &a.committers; and
	    the &a.developers;.  Really large mailboxes which have
	    taken up permanent residence on
	    <systemitem>freefall</systemitem> may get truncated
	    without warning if space needs to be freed, so forward it
	    or save it elsewhere.</para>

	  <note>
	    <para>If your e-mail system uses SPF with strict rules,
	      you should whitelist <systemitem
		class="fqdomainname">mx2.FreeBSD.org</systemitem> from
	      SPF checks.</para>
	  </note>

	  <para>Due to the severe load dealing with SPAM places on the
	    central mail servers that do the mailing list processing,
	    the front-end server does do some basic checks and will
	    drop some messages based on these checks.  At the moment
	    proper DNS information for the connecting host is the only
	    check in place but that may change.  Some people blame
	    these checks for bouncing valid email.  To have these
	    checks turned off for your email, create a file
	    named <filename>~/.spam_lover</filename>
	    on <systemitem
	      class="fqdomainname">freefall.FreeBSD.org</systemitem>.</para>
	</step>
      </procedure>

      <note>
	<para>Those who are developers but not committers will
	  not be subscribed to the committers or developers mailing
	  lists.  The subscriptions are derived from the access
	  rights.</para>
      </note>

      <sect3 xml:id="smtp-setup">
	<title>SMTP Access Setup</title>

	<para>For those willing to send e-mail messages through the
	  FreeBSD.org infrastructure, follow the instructions
	  below:</para>

	<procedure>
	  <step>
	    <para>Point your mail client at
	      <literal><systemitem
		class="fqdomainname">smtp.FreeBSD.org</systemitem>:587</literal>.</para></step>

	  <step>
	    <para>Enable STARTTLS.</para>
	  </step>

	  <step>
	    <para>Ensure your <literal>From:</literal> address is set
	      to
	      <literal><replaceable>yourusername</replaceable>@FreeBSD.org</literal>.</para>
	  </step>

	  <step>
	    <para>For authentication, you can use your &os; Kerberos
	      username and password (see <xref
		linkend="kerberos-ldap"/>).  The
	      <literal><replaceable>yourusername</replaceable>/mail</literal>
	      principal is preferred, as it is only valid for
	      authenticating to mail resources.</para>

	    <note>
	      <para>Do not include <literal>@FreeBSD.org</literal>
		when entering in your username.</para>
	    </note>
	  </step>
	</procedure>

	<note>
	  <title>Additional Notes</title>

	  <itemizedlist>
	    <listitem>
	      <para>Will only accept mail from
		<literal><replaceable>yourusername</replaceable>@FreeBSD.org</literal>.
		If you are authenticated as one user, you are not
		permitted to send mail from another.</para>
	    </listitem>

	    <listitem>
	      <para>A header will be appended with the SASL username:
		(<literal>Authenticated sender:
		<replaceable>username</replaceable></literal>).</para></listitem>

	    <listitem>
	      <para>Host has various rate limits in place to cut down
		on brute force attempts.</para>
	    </listitem>
	  </itemizedlist>
	</note>

	<sect4 xml:id="smtp-setup-local-mta">
	  <title>Using a Local MTA to Forward Emails to the
	    &os;.org SMTP Service</title>

	  <para>It is also possible to use a local
	    <acronym>MTA</acronym> to forward locally sent emails to
	    the &os;.org SMTP servers.</para>

	  <example xml:id="smtp-setup-local-postfix">
	    <title>Using <application>Postfix</application></title>

	    <para>To tell a local Postfix instance that anything from
	      <literal><replaceable>yourusername</replaceable>@FreeBSD.org</literal>
	      should be forwarded to the &os;.org servers, add this to
	      your <filename>main.cf</filename>:</para>

	    <programlisting>sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/relayhost_maps
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_use_tls = yes</programlisting>

	    <para>Create
	      <filename>/usr/local/etc/postfix/relayhost_maps</filename>
	      with the following content:</para>

	    <programlisting><replaceable>yourusername</replaceable>@FreeBSD.org  [smtp.freebsd.org]:587</programlisting>

	    <para>Create
	      <filename>/usr/local/etc/postfix/sasl_passwd</filename>
	      with the following content:</para>

	    <programlisting>[smtp.freebsd.org]:587          <replaceable>yourusername</replaceable>:<replaceable>yourpassword</replaceable></programlisting>

	    <para>If the email server is used by other people, you
	      may want to prevent them from sending e-mails from your
	      address.  To achieve this, add this to your
	      <filename>main.cf</filename>:</para>

	    <programlisting>smtpd_sender_login_maps = hash:/usr/local/etc/postfix/sender_login_maps
smtpd_sender_restrictions = reject_known_sender_login_mismatch</programlisting>

	    <para>Create
	      <filename>/usr/local/etc/postfix/sender_login_maps</filename>
	      with the following content:</para>

	    <programlisting><replaceable>yourusername</replaceable>@FreeBSD.org <replaceable>yourlocalusername</replaceable></programlisting>

	    <para>Where <replaceable>yourlocalusername</replaceable>
	      is the <acronym>SASL</acronym> username used to connect
	      to the local instance of
	      <application>Postfix</application>.</para>
	  </example>
	</sect4>
      </sect3>
    </sect2>

    <sect2 xml:id="mentors">
      <title>Mentors</title>

      <para>All new developers have a mentor assigned to them for
	the first few months.  A mentor is responsible for teaching
	the mentee the rules and conventions of the project and
	guiding their first steps in the developer community.  The
	mentor is also personally responsible for the mentee's actions
	during this initial period.</para>

      <para>For committers: do not commit anything without first
	getting mentor approval.  Document that approval with an
	<literal>Approved by:</literal> line in the commit
	message.</para>

      <para>When the mentor decides that a mentee has learned the
	ropes and is ready to commit on their own, the mentor
	announces it with a commit to
	<filename>conf/mentors</filename>.  This file is in the
	<filename>svnadmin</filename> branch of each
	repository:</para>

      <informaltable frame="none">
	<tgroup cols="2">
	  <tbody>
	    <row>
	      <entry><literal>src</literal></entry>
	      <entry><filename>base/svnadmin/conf/mentors</filename></entry>
	    </row>

	    <row>
	      <entry><literal>doc</literal></entry>
	      <entry><filename>doc/svnadmin/conf/mentors</filename></entry>
	    </row>

	    <row>
	      <entry><literal>ports</literal></entry>
	      <entry><filename>ports/svnadmin/conf/mentors</filename></entry>
	    </row>
	  </tbody>
	</tgroup>
      </informaltable>

      <para>New committers should aim to complete enough commits that
	their mentor is comfortable releasing them from mentorship
	within the first year.  If they are still under mentorship, the
	appropriate management body (core, doceng, or portmgr) should
	attempt to ensure that there are no barriers preventing
	completion.  If the committer is unable to satisfy their mentor
	of readiness by a year and a half their commit bit may be
	converted to project membership.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="pre-commit-review">
    <title>Pre-Commit Review</title>

    <para>Code review is one way to increase the quality of software.
      The following guidelines apply to commits to the
      <literal>head</literal> (-CURRENT) branch of the
      <literal>src</literal> repository.  Other branches and the
      <literal>ports</literal> and <literal>docs</literal> trees have
      their own review policies, but these guidelines generally apply
      to commits requiring review:</para>
    <itemizedlist>
      <listitem>
	<para>All non-trivial changes should be reviewed before they
	  are committed to the repository.</para>
      </listitem>

      <listitem>
	<para>Reviews may be conducted by email, in
	  <application>Bugzilla</application>, in
	  <application>Phabricator</application>, or by another
	  mechanism.  Where possible, reviews should be public.</para>
      </listitem>

      <listitem>
	<para>The developer responsible for a code change is also
	  responsible for making all necessary review-related
	  changes.</para>
      </listitem>

      <listitem>
	<para>Code review can be an iterative process, which continues
	  until the patch is ready to be committed.  Specifically,
	  once a patch is sent out for review, it should receive an
	  explicit <quote>looks good</quote> before it is committed.
	  So long as it is explicit, this can take whatever form makes
	  sense for the review method.</para>
      </listitem>

      <listitem>
	<para>Timeouts are not a substitute for review.</para>
      </listitem>
    </itemizedlist>

    <para>Sometimes code reviews will take longer than you would hope
      for, especially for larger features.  Accepted ways to speed up
      review times for your patches are:</para>

    <itemizedlist>
      <listitem>
	<para>Review other people's patches.  If you help out,
	  everybody will be more willing to do the same for you;
	  goodwill is our currency.</para>
      </listitem>

      <listitem>
	<para>Ping the patch.  If it is urgent, provide reasons why
	  it is important to you to get this patch landed and ping
	  it every couple of days.  If it is not urgent, the common
	  courtesy ping rate is one week.  Remember that you are
	  asking for valuable time from other professional
	  developers.</para>
      </listitem>

      <listitem>
	<para>Ask for help on mailing lists, IRC, etc.  Others
	  may be able to either help you directly, or suggest a
	  reviewer.</para>
      </listitem>

      <listitem>
	<para>Split your patch into multiple smaller patches that
	  build on each other.  The smaller your patch, the higher
	  the probability that somebody will take a quick look at
	  it.</para>

	<para>When making large changes, it is helpful to keep this
	  in mind from the beginning of the effort as breaking large
	  changes into smaller ones is often difficult after the
	  fact.</para>
      </listitem>
    </itemizedlist>

    <para>Developers should participate in code reviews as both
      reviewers and reviewees.  If someone is kind enough to review
      your code, you should return the favor for someone else.
      Note that while anyone is welcome to review and give feedback
      on a patch, only an appropriate subject-matter expert can
      approve a change.  This will usually be a committer who works
      with the code in question on a regular basis.</para>

    <para>In some cases, no subject-matter expert may be available.
      In those cases, a review by an experienced developer is
      sufficient when coupled with appropriate testing.</para>
  </sect1>

  <sect1 xml:id="commit-log-message">
    <title>Commit Log Messages</title>

    <para>This section contains some suggestions and traditions for
      how commit logs are formatted.</para>

    <para>As well as including an informative message with each
      commit, some additional information may be needed.</para>

    <para>This information consists of one or more lines
      containing the key word or phrase, a colon, tabs for formatting,
      and then the additional information.</para>

    <para>The key words or phrases are:</para>

    <informaltable frame="none" pgwide="1">
      <tgroup cols="2">
	<tbody>
	  <row>
	    <entry><literal>PR:</literal></entry>
	    <entry>The problem report (if any) which is affected
	      (typically, by being closed) by this commit.
	      Multiple PRs may be specified on one line, separated by
	      commas or spaces.</entry>
	  </row>

	  <row>
	    <entry><literal>Submitted by:</literal></entry>
	    <entry>
	      <para>The name and e-mail address of the person
		that submitted the fix; for developers, just the
		username on the &os; cluster.</para>

	      <para>If the submitter is the maintainer of the port
		being committed, include "(maintainer)"
		after the email address.</para>

	      <para>Avoid obfuscating the email address of the
		submitter as this adds additional work when searching
		logs.</para>
	    </entry>
	  </row>

	  <row>
	    <entry><literal>Reviewed by:</literal></entry>
	    <entry>The name and e-mail address of the person or
	      people that reviewed the change; for developers,
	      just the username on the &os; cluster.  If a
	      patch was submitted to a mailing list for review,
	      and the review was favorable, then just include
	      the list name.</entry>
	  </row>

	  <row>
	    <entry><literal>Approved by:</literal></entry>
	    <entry><para>The name and e-mail address of the person or
	      people that approved the change; for developers, just
	      the username on the &os; cluster.  It is customary to
	      get prior approval for a commit if it is to an area of
	      the tree to which you do not usually commit.  In
	      addition, during the run up to a new release all commits
	      <emphasis>must</emphasis> be approved by the release
	      engineering team.</para>

	    <para>While under mentorship, get mentor approval before
	      the commit.  Enter the mentor's username in this field,
	      and note that they are a mentor:</para>

	    <screen>Approved by: <userinput><replaceable>username-of-mentor</replaceable> <literal>(mentor)</literal></userinput></screen>

	    <para>If a team approved these commits then include the
	      team name followed by the username of the approver in
	      parentheses.  For example:</para>

	    <screen>Approved by: <userinput><literal>re</literal> (<replaceable>username</replaceable>)</userinput></screen></entry>
	  </row>

	  <row>
	    <entry><literal>Obtained from:</literal></entry>
	    <entry>The name of the project (if any) from which
	      the code was obtained.  Do not use this line for the
	      name of an individual person.</entry>
	  </row>

	  <row>
	    <entry><literal>Sponsored by:</literal></entry>
	    <entry>Sponsoring organizations for this change, if any.
	      Separate multiple organizations with commas.  If only a
	      portion of the work was sponsored, or different amounts
	      of sponsorship were provided to different authors,
	      please give appropriate credit in parentheses after each
	      sponsor name.  For example, <literal>Example.com (alice,
		code refactoring), Wormulon (bob), Momcorp
		(cindy)</literal> shows that Alice was sponsored by
	      Example.com to do code refactoring, while Wormulon
	      sponsored Bob's work and Momcorp sponsored Cindy's work.
	      Other authors were either not sponsored or chose not to
	      list sponsorship.</entry>
	  </row>

	  <row>
	    <entry><literal>MFC after:</literal></entry>
	    <entry>To receive an e-mail reminder to
	      <acronym>MFC</acronym> at a later date, specify the
	      number of days, weeks, or months after which an
	      <acronym>MFC</acronym> is planned.</entry>
	  </row>

	  <row>
	    <entry><literal>MFC to:</literal></entry>
	    <entry>If the commit should be merged to a subset of
	      stable branches, specify the branch names.</entry>
	  </row>

	  <row>
	    <entry><literal>MFC with:</literal></entry>
	    <entry>If the commit should be merged together with
	      a previous one in a single
	      <acronym>MFC</acronym> commit (for example, where
	      this commit corrects a bug in the previous change),
	      specify the corresponding revision number.</entry>
	  </row>

	  <row>
	    <entry><literal>Relnotes:</literal></entry>
	    <entry>If the change is a candidate for inclusion in
	      the release notes for the next release from the branch,
	      set to <literal>yes</literal>.</entry>
	  </row>

	  <row>
	    <entry><literal>Security:</literal></entry>
	    <entry>If the change is related to a security
	      vulnerability or security exposure, include one or more
	      references or a description of the issue.  If possible,
	      include a VuXML URL or a CVE ID.</entry>
	  </row>

	  <row>
	    <entry><literal>Event:</literal></entry>
	    <entry>The description for the event where this commit was
	      made.  If this is a recurring event, add the year or
	      even the month to it.  For example, this could be
	      <literal>FooBSDcon 2019</literal>.  The idea behind this
	      line is to put recognition to conferences, gatherings,
	      and other types of meetups and to show that these are
	      useful to have.  Please do not use the
	      <literal>Sponsored by:</literal> line for this as that
	      is meant for organizations sponsoring certain features
	      or developers working on them.</entry>
	  </row>

	  <row>
	    <entry><literal>Differential Revision:</literal></entry>
	    <entry>The full URL of the Phabricator review.  This line
	      <emphasis>must be the last line</emphasis>.  For
	      example:
	      <literal>https://reviews.freebsd.org/D1708</literal>.</entry>
	  </row>
	</tbody>
      </tgroup>
    </informaltable>

    <example>
      <title>Commit Log for a Commit Based on a PR</title>

      <para>The commit is based on a patch from a PR submitted by John
	Smith.  The commit message <quote>PR</quote> and
	<quote>Submitted by</quote> fields are filled..</para>

      <programlisting>...

	    PR:                    12345
	    Submitted by:	   John Smith &lt;John.Smith@example.com&gt;</programlisting>
    </example>

    <example>
      <title>Commit Log for a Commit Needing Review</title>

      <para>The virtual memory system is being changed.  After
	posting patches to the appropriate mailing list (in this
	case, <literal>freebsd-arch</literal>) and the changes have
	been approved.</para>

      <programlisting>...

	    Reviewed by:       -arch</programlisting>
    </example>

    <example>
      <title>Commit Log for a Commit Needing Approval</title>

      <para>Commit a port, after working with
	the listed MAINTAINER, who said to go ahead and
	commit.</para>

      <programlisting>...

	    Approved by:	    <replaceable>abc</replaceable> (maintainer)</programlisting>

      <para>Where <replaceable>abc</replaceable> is the account name
	of the person who approved.</para>
    </example>

    <example>
      <title>Commit Log for a Commit Bringing in Code from
	OpenBSD</title>

      <para>Committing some code based on work done in the
	OpenBSD project.</para>

      <programlisting>...

	    Obtained from:      OpenBSD</programlisting>
    </example>

    <example>
      <title>Commit Log for a Change to &os.current; with a Planned
	Commit to &os.stable; to Follow at a Later Date.</title>

      <para>Committing some code which will be merged from
	&os.current; into the &os.stable; branch after two
	weeks.</para>

      <programlisting>...

MFC after:      <replaceable>2 weeks</replaceable></programlisting>

      <para>Where <replaceable>2</replaceable> is the number of days,
	weeks, or months after which an <acronym>MFC</acronym> is
	planned.  The <replaceable>weeks</replaceable> option may be
	<literal>day</literal>, <literal>days</literal>,
	<literal>week</literal>, <literal>weeks</literal>,
	<literal>month</literal>, <literal>months</literal>.</para>
    </example>

    <para>It is often necessary to combine these.</para>

    <para>Consider the situation where a user has submitted a PR
      containing code from the NetBSD project.  Looking at the PR, the
      developer sees it is not an area of the tree they normally work
      in, so they have the change reviewed by the
      <literal>arch</literal> mailing list.  Since the change is
      complex, the developer opts to <acronym>MFC</acronym> after one
      month to allow adequate testing.</para>

    <para>The extra information to include in the commit would look
      something like</para>

    <example>
      <title>Example Combined Commit Log</title>

      <programlisting>PR:                 54321
Submitted by:       John Smith &lt;John.Smith@example.com&gt;
Reviewed by:        -arch
Obtained from:      NetBSD
MFC after:          1 month
Relnotes:           yes</programlisting>
    </example>
  </sect1>

  <sect1 xml:id="pref-license">
    <title>Preferred License for New Files</title>

    <para>The &os; Project's full license policy can be found at <link
	xlink:href="&url.base;/internal/software-license.html">https://www.FreeBSD.org/internal/software-license.html</link>.
      The rest of this section is intended to help you get started.
      As a rule, when in doubt, ask.  It is much easier to give advice
      than to fix the source tree.</para>

    <para>The &os; Project suggests and uses this
      text as the preferred license scheme:</para>

    <programlisting>/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) [year] [your name]
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * [id for your version control system, if any]
 */</programlisting>

    <para>The &os; project strongly discourages the so-called
      "advertising clause" in new code.  Due to the large number of
      contributors to the &os; project, complying with this clause for
      many commercial vendors has become difficult.  If you have code
      in the tree with the advertising clause, please consider
      removing it.  In fact, please consider using the above license
      for your code.</para>

    <para>The &os; project discourages completely new licenses and
      variations on the standard licenses.  New licenses require the
      approval of the &a.core; to reside in the
      main repository.  The more different licenses that are used in
      the tree, the more problems that this causes to those wishing to
      utilize this code, typically from unintended consequences from a
      poorly worded license.</para>

    <para>Project policy dictates that code under some non-BSD
      licenses must be placed only in specific sections of the
      repository, and in some cases, compilation must be conditional
      or even disabled by default.  For example, the GENERIC kernel
      must be compiled under only licenses identical to or
      substantially similar to the BSD license.  GPL, APSL, CDDL, etc,
      licensed software must not be compiled into GENERIC.</para>

    <para>Developers are reminded that in open source, getting "open"
      right is just as important as getting "source" right, as
      improper handling of intellectual property has serious
      consequences.  Any questions or concerns should immediately be
      brought to the attention of the core team.</para>
  </sect1>

  <sect1 xml:id="tracking.license.grants">
    <title>Keeping Track of Licenses Granted to the &os;
      Project</title>

    <para>Various software or data exist in the repositories where
      the &os; project has been granted a special licence to be able
      to use them.  A case in point are the Terminus fonts for use
      with &man.vt.4;.  Here the author Dimitar Zhekov has allowed us
      to use the "Terminus BSD Console" font under a 2-clause BSD
      license rather than the regular Open Font License he normally
      uses.</para>

    <para>It is clearly sensible to keep a record of any such
      license grants.  To that end, the &a.core; has decided to keep
      an archive of them.  Whenever the &os; project is granted a
      special license we require the &a.core; to be notified.  Any
      developers involved in arranging such a license grant, please
      send details to the &a.core; including:</para>

    <itemizedlist>
      <listitem>
	<para>Contact details for people or organizations granting the
	  special license.</para>
      </listitem>

      <listitem>
	<para>What files, directories etc. in the repositories are
	  covered by the license grant including the revision numbers
	  where any specially licensed material was committed.</para>
      </listitem>

      <listitem>
	<para>The date the license comes into effect from.  Unless
	  otherwise agreed, this will be the date the license was
	  issued by the authors of the software in question.</para>
      </listitem>

      <listitem>
	<para>The license text.</para>
      </listitem>

      <listitem>
	<para>A note of any restrictions, limitations or exceptions
	  that apply specifically to &os;'s usage of the licensed
	  material.</para>
      </listitem>

      <listitem>
	<para>Any other relevant information.</para>
      </listitem>
    </itemizedlist>

    <para>Once the &a.core; is satisfied that all the necessary
      details have been gathered and are correct, the secretary will
      send a PGP-signed acknowledgement of receipt including the
      license details.  This receipt will be persistently archived and
      serve as our permanent record of the license grant.</para>

    <para>The license archive should contain only details of license
      grants; this is not the place for any discussions around
      licensing or other subjects.  Access to data within the license
      archive will be available on request to the &a.core;.</para>
  </sect1>

  <sect1 xml:id="developer.relations">
    <title>Developer Relations</title>

    <para>When working directly on your own code or on code which is
      already well established as your responsibility, then there is
      probably little need to check with other committers before
      jumping in with a commit.  Working on a bug in an area of the
      system which is clearly orphaned (and there are a few such
      areas, to our shame), the same applies.  When modifying
      parts of the system which are maintained, formally, or
      informally, consider asking for review just as a developer
      would have before becoming a
      committer.  For ports, contact the listed
      <varname>MAINTAINER</varname> in the
      <filename>Makefile</filename>.</para>

    <para>To determine if an area of the tree is maintained, check the
      MAINTAINERS file at the root of the tree.  If nobody is listed,
      scan the revision history to see who has committed
      changes in the past.  An example script that lists each person
      who has committed to a given file along with the number of
      commits each person has made can be found at on
      <systemitem>freefall</systemitem> at
      <filename>~eadler/bin/whodid</filename>.  If queries go
      unanswered or the committer otherwise indicates a lack of
      interest in the area affected, go ahead and commit it.</para>

    <important>
      <para>Avoid sending private emails to maintainers.  Other people
	might be interested in the conversation, not just the final
	output.</para>
    </important>

    <para>If there is any doubt about a commit for any reason at all,
      have it reviewed before
      committing.  Better to have it flamed then and there rather than
      when it is part of the repository.  If a commit does results in
      controversy erupting, it may be advisable to consider backing
      the change out again until the matter is settled.  Remember,
      with a version control system we can always change it
      back.</para>

    <para>Do not impugn the intentions of others.  If they see a
      different solution to a problem, or even a different problem, it
      is probably not because they are stupid, because they have
      questionable parentage, or because they are trying to destroy
      hard work, personal image, or &os;, but basically because they
      have a different outlook on the world.  Different is
      good.</para>

    <para>Disagree honestly.  Argue your position from its merits,
      be honest about any shortcomings it may have, and be open to
      seeing their solution, or even their vision of the problem,
      with an open mind.</para>

    <para>Accept correction.  We are all fallible.  When you have made
      a mistake, apologize and get on with life.  Do not beat up
      yourself, and certainly do not beat up others for your mistake.
      Do not waste time on embarrassment or recrimination, just fix
      the problem and move on.</para>

    <para>Ask for help.  Seek out (and give) peer reviews.  One of
      the ways open source software is supposed to excel is in the
      number of eyeballs applied to it; this does not apply if nobody
      will review code.</para>
  </sect1>

  <sect1 xml:id="if-in-doubt">
    <title>If in Doubt...</title>

    <para>When unsure about something, whether it be a
      technical issue or a project convention be sure to ask.  If you
      stay silent you will never make progress.</para>

    <para>If it relates to a technical issue ask on the public
      mailing lists.  Avoid the temptation to email the individual
      person that knows the answer.  This way everyone will be able to
      learn from the question and the answer.</para>

    <para>For project specific or administrative questions
      ask, in order:</para>

    <itemizedlist>
      <listitem>
	<para>Your mentor or former mentor.</para>
      </listitem>

      <listitem>
	<para>An experienced committer on IRC, email, etc.</para>
      </listitem>

      <listitem>
	<para>Any team with a "hat", as they can give you a
	  definitive answer.</para>
      </listitem>

      <listitem>
	<para>If still not sure, ask on &a.developers;.</para>
      </listitem>
    </itemizedlist>

    <para>Once your question is answered, if no one pointed you to
      documentation that spelled out the answer to your question,
      document it, as others will have the same question.</para>
  </sect1>

  <sect1 xml:id="bugzilla">
    <title>Bugzilla</title>

    <para>The &os; Project utilizes
      <application>Bugzilla</application> for tracking bugs and change
      requests.  Be sure that if you commit a fix or suggestion found
      in the PR database to close it.  It is also considered nice if
      you take time to close any PRs associated with your commits, if
      appropriate.</para>

    <para>Committers with
      non-<systemitem class="domainname">&os;.org</systemitem>
      Bugzilla accounts can have the old account merged with the
      <systemitem class="domainname">&os;.org</systemitem> account by
      following these steps:</para>

    <procedure>
      <step>
	<para>Log in using your old account.</para>
      </step>

      <step>
	<para>Open new bug.  Choose <literal>Services</literal> as the
	  Product, and <literal>Bug Tracker</literal> as the
	  Component.  In bug description list accounts you wish to be
	  merged.</para>
      </step>

      <step>
	<para>Log in using <systemitem
	    class="domainname">&os;.org</systemitem> account and post
	  comment to newly opened bug to confirm ownership.  See <xref
	    linkend="kerberos-ldap"/> for more details on how to
	  generate or set a password for your <systemitem
	    class="domainname">&os;.org</systemitem> account.</para>
      </step>

      <step>
	<para>If there are more than two accounts to merge, post
	  comments from each of them.</para>
      </step>
    </procedure>

    <para>You can find out more about
      <application>Bugzilla</application> at:</para>

    <itemizedlist>
      <listitem>
	<para><link
	    xlink:href="&url.articles.pr-guidelines;/index.html">&os;
	    Problem Report Handling Guidelines</link></para>
      </listitem>

      <listitem>
	<para><link
	    xlink:href="&url.base;/support.html">https://www.FreeBSD.org/support.html</link></para>
      </listitem>
    </itemizedlist>
  </sect1>

  <sect1 xml:id="phabricator">
    <title>Phabricator</title>

    <para>The &os; Project utilizes <link
	xlink:href="https://reviews.freebsd.org">Phabricator</link>
      for code review requests.  See the <link
	xlink:href="https://wiki.freebsd.org/CodeReview">CodeReview</link>
      wiki page for details.</para>

    <para>Committers with
      non-<systemitem class="domainname">&os;.org</systemitem>
      Phabricator accounts can have the old account renamed to the
      <systemitem class="domainname">&os;.org</systemitem> account by
      following these steps:</para>

    <procedure>
      <step>
	<para>Change your <application>Phabricator</application>
	  account email to your <systemitem
	    class="domainname">&os;.org</systemitem> email.</para>
      </step>

      <step>
	<para>Open new bug on our bug tracker using your <systemitem
	    class="domainname">&os;.org</systemitem> account, see
	  <xref linkend="bugzilla"/> for more information.  Choose
	  <literal>Services</literal> as the Product, and
	  <literal>Code Review</literal> as the Component.  In bug
	  description request that your
	  <application>Phabricator</application> account be renamed,
	  and provide a link to your
	  <application>Phabricator</application> user.  For example,
	  <literal>https://reviews.freebsd.org/p/<replaceable>bob_example.com</replaceable>/</literal></para>
      </step>
    </procedure>

    <important>
      <para><application>Phabricator</application> accounts cannot be
	merged, please do not open a new account.</para>
    </important>
  </sect1>

  <sect1 xml:id="people">
    <title>Who's Who</title>

    <para>Besides the repository meisters, there are other &os;
      project members and teams whom you will probably get to know in
      your role as a committer.  Briefly, and by no means
      all-inclusively, these are:</para>

    <variablelist>
      <varlistentry>
	<term>&a.doceng;</term>

	<listitem>
	  <para>doceng is the group responsible for the documentation
	    build infrastructure, approving new documentation
	    committers, and ensuring that the &os; website and
	    documentation on the FTP site is up to date with respect
	    to the <application>subversion</application> tree.  It is
	    not a conflict resolution body.
	    The vast majority of documentation related discussion
	    takes place on the &a.doc;.  More details regarding the
	    doceng team can be found in its <link
	      xlink:href="https://www.FreeBSD.org/internal/doceng.html">charter</link>.
	    Committers interested in contributing to the documentation
	    should familiarize themselves with the <link
	      xlink:href="&url.books.fdp-primer;/index.html">Documentation
	      Project Primer</link>.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>&a.re.members.email;</term>

	<listitem>
	  <para>These are the members of the &a.re;.  This team is
	    responsible for setting release deadlines and controlling
	    the release process.  During code freezes, the release
	    engineers have final authority on all changes to the
	    system for whichever branch is pending release status.  If
	    there is something you want merged from &os.current; to
	    &os.stable; (whatever values those may have at any given
	    time), these are the people to talk to about it.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>&a.so.email;</term>

	<listitem>
	  <para>&a.so; is the
	    <link xlink:href="&url.base;/security/">&os; Security
	      Officer</link> and oversees the
	    &a.security-officer;.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>&a.wollman.email;</term>

	<listitem>
	  <para>If you need advice on obscure network internals or
	    are not sure of some potential change to the networking
	    subsystem you have in mind, Garrett is someone to talk
	    to.  Garrett is also very knowledgeable on the various
	    standards applicable to &os;.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>&a.committers;</term>

	<listitem>
	  <para>&a.svn-src-all.name;, &a.svn-ports-all.name; and
	    &a.svn-doc-all.name; are the mailing lists that the
	    version control system uses to send commit messages to.
	    <emphasis>Never</emphasis> send email directly
	    to these lists.  Only send replies to this list
	    when they are short and are directly related to a
	    commit.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>&a.developers;</term>

	<listitem>
	  <para>All committers are subscribed to -developers.  This
	    list was created to be a forum for the committers
	    <quote>community</quote> issues.  Examples are Core
	    voting, announcements, etc.</para>

	  <para>The &a.developers; is for the exclusive use of &os;
	    committers.  To develop &os;, committers must
	    have the ability to openly discuss matters that will be
	    resolved before they are publicly announced.  Frank
	    discussions of work in progress are not suitable for open
	    publication and may harm &os;.</para>

	  <para>All &os; committers are expected not to
	    not publish or forward messages from the
	    &a.developers; outside the list membership without
	    permission of all of the authors.  Violators will be
	    removed from the
	    &a.developers;, resulting in a suspension of commit
	    privileges.  Repeated or flagrant violations may result in
	    permanent revocation of commit privileges.</para>

	  <para>This list is <emphasis>not</emphasis> intended as a
	    place for code reviews or for any technical discussion.
	    In fact using it as such hurts the &os; Project as it
	    gives a sense of a closed list where general decisions
	    affecting all of the &os; using community are made without
	    being <quote>open</quote>.  Last, but not least
	    <emphasis>never, never ever, email the &a.developers; and
	    CC:/BCC: another &os; list</emphasis>.  Never, ever email
	    another &os; email list and CC:/BCC: the &a.developers;.
	    Doing so can greatly diminish the benefits of this
	    list.</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </sect1>

  <sect1 xml:id="ssh.guide">
    <title>SSH Quick-Start Guide</title>

    <procedure>
      <step>
	<para>If you do not wish to type your password in every time
	  you use &man.ssh.1;, and you use keys to
	  authenticate, &man.ssh-agent.1; is there for your
	  convenience.  If you want to use &man.ssh-agent.1;, make
	  sure that you run it before running other applications.  X
	  users, for example, usually do this from their
	  <filename>.xsession</filename> or
	  <filename>.xinitrc</filename>.  See &man.ssh-agent.1; for
	  details.</para>
      </step>

      <step>
	<para>Generate a key pair using &man.ssh-keygen.1;.  The key
	  pair will wind up in your
	  <filename>$HOME/.ssh/</filename>
	  directory.</para>

	<important>
	  <para>Only <acronym>ECDSA</acronym>,
	    <acronym>Ed25519</acronym> or <acronym>RSA</acronym> keys
	    are supported.</para>
	</important>
      </step>

      <step>
	<para>Send your public key
	  (<filename>$HOME/.ssh/id_ecdsa.pub</filename>,
	  <filename>$HOME/.ssh/id_ed25519.pub</filename>, or
	  <filename>$HOME/.ssh/id_rsa.pub</filename>)
	  to the person setting you up as a committer so it can be put
	  into
	  <filename><replaceable>yourlogin</replaceable></filename>
	  in
	  <filename>/etc/ssh-keys/</filename> on
	  <systemitem>freefall</systemitem>.</para>
      </step>
    </procedure>

    <para>Now &man.ssh-add.1; can be used for
      authentication once per session.  It prompts for
      the private key's pass phrase, and then stores it in the
      authentication agent (&man.ssh-agent.1;).  Use <command>ssh-add
	-d</command> to remove keys stored in the agent.</para>

    <para>Test with a simple remote command: <command>ssh
	freefall.FreeBSD.org ls /usr</command>.</para>

    <para>For more information, see
      <package>security/openssh-portable</package>,
      &man.ssh.1;, &man.ssh-add.1;, &man.ssh-agent.1;,
      &man.ssh-keygen.1;, and &man.scp.1;.</para>

    <para>For information on adding, changing, or removing &man.ssh.1;
      keys, see <uri
	xlink:href="https://wiki.freebsd.org/clusteradm/ssh-keys">this
	article</uri>.</para>
  </sect1>

  <sect1 xml:id="coverity">
    <title>&coverity; Availability for &os; Committers</title>

    <para>All &os; developers can obtain access to
      <application>Coverity</application> analysis results of all &os;
      Project software.  All who are interested in obtaining access to
      the analysis results of the automated
      <application>Coverity</application> runs, can sign up at <uri
	xlink:href="http://scan.coverity.com/">Coverity
	Scan</uri>.</para>

    <para>The &os; wiki includes a mini-guide for developers who are
      interested in working with the &coverity; analysis reports: <uri
	xlink:href="https://wiki.freebsd.org/CoverityPrevent">https://wiki.freebsd.org/CoverityPrevent</uri>.
      Please note that this mini-guide is only readable by &os;
      developers, so if you cannot access this page, you will have to
      ask someone to add you to the appropriate Wiki access
      list.</para>

    <para>Finally, all &os; developers who are going to use
      &coverity; are always encouraged to ask for more details and
      usage information, by posting any questions to the mailing list
      of the &os; developers.</para>
  </sect1>

  <sect1 xml:id="rules">
    <title>The &os; Committers' Big List of Rules</title>

    <para>Everyone involved with the &os; project is expected to
      abide by the <emphasis>Code of Conduct</emphasis> available from
      <link xlink:href="&url.base;/internal/code-of-conduct.html"
      >https://www.FreeBSD.org/internal/code-of-conduct.html</link>.
      As committers, you form the public face of the project, and how
      you behave has a vital impact on the public perception of it.
      This guide expands on the parts of the
      <emphasis>Code of Conduct</emphasis> specific to
      committers.</para>

    <orderedlist>
      <listitem>
	<para>Respect other committers.</para>
      </listitem>

      <listitem>
	<para>Respect other contributors.</para>
      </listitem>

      <listitem>
	<para>Discuss any significant change
	  <emphasis>before</emphasis> committing.</para>
      </listitem>

      <listitem>
	<para>Respect existing maintainers (if listed in the
	  <varname>MAINTAINER</varname> field in
	  <filename>Makefile</filename> or in
	  <filename>MAINTAINER</filename> in the top-level
	  directory).</para>
      </listitem>

      <listitem>
	<para>Any disputed change must be backed out pending
	  resolution of the dispute if requested by a maintainer.
	  Security related changes may override a maintainer's wishes
	  at the Security Officer's discretion.</para>
      </listitem>

      <listitem>
	<para>Changes go to &os.current; before &os.stable; unless
	  specifically permitted by the release engineer or unless
	  they are not applicable to &os.current;.  Any non-trivial or
	  non-urgent change which is applicable should also be allowed
	  to sit in &os.current; for at least 3 days before merging so
	  that it can be given sufficient testing.  The release
	  engineer has the same authority over the &os.stable; branch
	  as outlined for the maintainer in rule #5.</para>
      </listitem>

      <listitem>
	<para>Do not fight in public with other committers; it looks
	  bad.</para>
      </listitem>

      <listitem>
	<para>Respect all code freezes and read the
	  <literal>committers</literal> and
	  <literal>developers</literal> mailing lists in a timely
	  manner so you know when a code freeze is in effect.</para>
      </listitem>

      <listitem>
	<para>When in doubt on any procedure, ask first!</para>
      </listitem>

      <listitem>
	<para>Test your changes before committing them.</para>
      </listitem>

      <listitem>
	<para>Do not commit to contributed software without
	  <emphasis>explicit</emphasis> approval from the respective
	  maintainers.</para>
      </listitem>
    </orderedlist>

    <para>As noted, breaking some of these rules can be grounds for
      suspension or, upon repeated offense, permanent removal of
      commit privileges.  Individual members of core have the power to
      temporarily suspend commit privileges until core as a whole has
      the chance to review the issue.  In case of an
      <quote>emergency</quote> (a committer doing damage to the
      repository), a temporary suspension may also be done by the
      repository meisters.  Only a 2/3 majority of core has the
      authority to suspend commit privileges for longer than a week or
      to remove them permanently.  This rule does not exist to set
      core up as a bunch of cruel dictators who can dispose of
      committers as casually as empty soda cans, but to give the
      project a kind of safety fuse.  If someone is out of control, it
      is important to be able to deal with this immediately rather
      than be paralyzed by debate.  In all cases, a committer whose
      privileges are suspended or revoked is entitled to a
      <quote>hearing</quote> by core, the total duration of the
      suspension being determined at that time.  A committer whose
      privileges are suspended may also request a review of the
      decision after 30 days and every 30 days thereafter (unless the
      total suspension period is less than 30 days).  A committer
      whose privileges have been revoked entirely may request a review
      after a period of 6 months has elapsed.  This review policy is
      <emphasis>strictly informal</emphasis> and, in all cases, core
      reserves the right to either act on or disregard requests for
      review if they feel their original decision to be the right
      one.</para>

    <para>In all other aspects of project operation, core is a subset
      of committers and is bound by the
      <emphasis>same rules</emphasis>.  Just because someone is in
      core this does not mean that they have special dispensation to
      step outside any of the lines painted here; core's
      <quote>special powers</quote> only kick in when it acts as a
      group, not on an individual basis.  As individuals, the core
      team members are all committers first and core second.</para>

    <sect2>
      <title>Details</title>

      <orderedlist>
	<listitem xml:id="respect">
	  <para>Respect other committers.</para>

	  <para>This means that you need to treat other committers as
	    the peer-group developers that they are.  Despite our
	    occasional attempts to prove the contrary, one does not
	    get to be a committer by being stupid and nothing rankles
	    more than being treated that way by one of your peers.
	    Whether we always feel respect for one another or not (and
	    everyone has off days), we still have to
	    <emphasis>treat</emphasis> other committers with respect
	    at all times, on public forums and in private
	    email.</para>

	  <para>Being able to work together long term is this
	    project's greatest asset, one far more important than any
	    set of changes to the code, and turning arguments about
	    code into issues that affect our long-term ability to work
	    harmoniously together is just not worth the trade-off by
	    any conceivable stretch of the imagination.</para>

	  <para>To comply with this rule, do not send email when you
	    are angry or otherwise behave in a manner which is likely
	    to strike others as needlessly confrontational.  First
	    calm down, then think about how to communicate in the most
	    effective fashion for convincing the other persons that
	    your side of the argument is correct, do not just blow off
	    some steam so you can feel better in the short term at the
	    cost of a long-term flame war.  Not only is this very bad
	    <quote>energy economics</quote>, but repeated displays of
	    public aggression which impair our ability to work well
	    together will be dealt with severely by the project
	    leadership and may result in suspension or termination of
	    your commit privileges.  The project leadership will take
	    into account both public and private communications
	    brought before it.  It will not seek the disclosure of
	    private communications, but it will take it into account
	    if it is volunteered by the committers involved in the
	    complaint.</para>

	  <para>All of this is never an option which the project's
	    leadership enjoys in the slightest, but unity comes first.
	    No amount of code or good advice is worth trading that
	    away.</para>
	</listitem>

	<listitem>
	  <para>Respect other contributors.</para>

	  <para>You were not always a committer.  At one time you were
	    a contributor.  Remember that at all times.  Remember what
	    it was like trying to get help and attention.  Do not
	    forget that your work as a contributor was very important
	    to you.  Remember what it was like.  Do not discourage,
	    belittle, or demean contributors.  Treat them with
	    respect.  They are our committers in waiting.  They are
	    every bit as important to the project as committers.
	    Their contributions are as valid and as important as your
	    own.  After all, you made many contributions before you
	    became a committer.  Always remember that.</para>

	  <para>Consider the points raised under
	    <xref linkend="respect"/> and apply them also to
	    contributors.</para>
	</listitem>

	<listitem>
	  <para>Discuss any significant change
	    <emphasis>before</emphasis> committing.</para>

	  <para>The repository is not where changes are initially
	    submitted for correctness or argued over, that happens
	    first in the mailing lists or by use of the Phabricator
	    service.  The commit will only happen once something
	    resembling consensus has been reached.  This does not mean
	    that permission is required before correcting every
	    obvious syntax error or manual page misspelling, just that
	    it is good to develop a feel for when a proposed change is
	    not quite such a no-brainer and requires some feedback
	    first.  People really do not mind sweeping changes if the
	    result is something clearly better than what they had
	    before, they just do not like being
	    <emphasis>surprised</emphasis> by those changes.  The very
	    best way of making sure that things are on the right track
	    is to have code reviewed by one or more other
	    committers.</para>

	  <para>When in doubt, ask for review!</para>
	</listitem>

	<listitem>
	  <para>Respect existing maintainers if listed.</para>

	  <para>Many parts of &os; are not <quote>owned</quote> in
	    the sense that any specific individual will jump up and
	    yell if you commit a change to <quote>their</quote> area,
	    but it still pays to check first.  One convention we use
	    is to put a maintainer line in the
	    <filename>Makefile</filename> for any package or subtree
	    which is being actively maintained by one or more people;
	    see <link
	      xlink:href="&url.books.developers-handbook;/policies.html">https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/developers-handbook/policies.html</link>
	    for documentation on this.  Where sections of code have
	    several maintainers, commits to affected areas by one
	    maintainer need to be reviewed by at least one other
	    maintainer.  In cases where the
	    <quote>maintainer-ship</quote> of something is not clear,
	    look at the repository logs for the files
	    in question and see if someone has been working recently
	    or predominantly in that area.</para>
	</listitem>

	<listitem>
	  <para>Any disputed change must be backed out pending
	    resolution of the dispute if requested by a maintainer.
	    Security related changes may override a maintainer's
	    wishes at the Security Officer's discretion.</para>

	  <para>This may be hard to swallow in times of conflict (when
	    each side is convinced that they are in the right, of
	    course) but a version control system makes it unnecessary
	    to have an ongoing dispute raging when it is far easier to
	    simply reverse the disputed change, get everyone calmed
	    down again and then try to figure out what is the best way
	    to proceed.  If the change turns out to be the best thing
	    after all, it can be easily brought back.  If it turns out
	    not to be, then the users did not have to live with the
	    bogus change in the tree while everyone was busily
	    debating its merits.  People <emphasis>very</emphasis>
	    rarely call for back-outs in the repository since
	    discussion generally exposes bad or controversial changes
	    before the commit even happens, but on such rare occasions
	    the back-out should be done without argument so that we
	    can get immediately on to the topic of figuring out
	    whether it was bogus or not.</para>
	</listitem>

	<listitem>
	  <para>Changes go to &os.current; before &os.stable; unless
	    specifically permitted by the release engineer or unless
	    they are not applicable to &os.current;.  Any non-trivial
	    or non-urgent change which is applicable should also be
	    allowed to sit in &os.current; for at least 3 days before
	    merging so that it can be given sufficient testing.  The
	    release engineer has the same authority over the
	    &os.stable; branch as outlined in rule #5.</para>

	  <para>This is another <quote>do not argue about it</quote>
	    issue since it is the release engineer who is ultimately
	    responsible (and gets beaten up) if a change turns out to
	    be bad.  Please respect this and give the release engineer
	    your full cooperation when it comes to the &os.stable;
	    branch.  The management of &os.stable; may frequently seem
	    to be overly conservative to the casual observer, but also
	    bear in mind the fact that conservatism is supposed to be
	    the hallmark of &os.stable; and different rules apply
	    there than in &os.current;.  There is also really no point
	    in having &os.current; be a testing ground if changes are
	    merged over to &os.stable; immediately.  Changes need a
	    chance to be tested by the &os.current; developers, so
	    allow some time to elapse before merging unless the
	    &os.stable; fix is critical, time sensitive or so obvious
	    as to make further testing unnecessary (spelling fixes to
	    manual pages, obvious bug/typo fixes, etc.)  In other
	    words, apply common sense.</para>

	  <para>Changes to the security branches (for example,
	    <literal>releng/9.3</literal>) must be approved by a
	    member of the &a.security-officer;, or in some cases, by a
	    member of the &a.re;.</para>
	</listitem>

	<listitem>
	  <para>Do not fight in public with other committers; it looks
	    bad.</para>

	  <para>This project has a public image to uphold and that
	    image is very important to all of us, especially if we are
	    to continue to attract new members.  There will be
	    occasions when, despite everyone's very best attempts at
	    self-control, tempers are lost and angry words are
	    exchanged.  The best thing that can be done in such cases
	    is to minimize the effects of this until everyone has
	    cooled back down.  Do not air
	    angry words in public and do not forward private
	    correspondence or other private communications to public
	    mailing lists, mail aliases, instant messaging channels or
	    social media sites.  What people say one-to-one is often
	    much less sugar-coated than what they would say in public,
	    and such communications therefore have no place there -
	    they only serve to inflame an already bad situation.  If
	    the person sending a flame-o-gram at least had the
	    grace to send it privately, then have the grace to keep it
	    private yourself.  If you feel you are being unfairly
	    treated by another developer, and it is causing you
	    anguish, bring the matter up with core rather than taking
	    it public.  Core will do its best to play peace makers and
	    get things back to sanity.  In cases where the dispute
	    involves a change to the codebase and the participants do
	    not appear to be reaching an amicable agreement, core may
	    appoint a mutually-agreeable third party to resolve the
	    dispute.  All parties involved must then agree to be bound
	    by the decision reached by this third party.</para>
	</listitem>

	<listitem>
	  <para>Respect all code freezes and read the
	    <literal>committers</literal> and
	    <literal>developers</literal> mailing list on a timely
	    basis so you know when a code freeze is in effect.</para>

	  <para>Committing unapproved changes during a code freeze is
	    a really big mistake and committers are expected to keep
	    up-to-date on what is going on before jumping in after a
	    long absence and committing 10 megabytes worth of
	    accumulated stuff.  People who abuse this on a regular
	    basis will have their commit privileges suspended until
	    they get back from the &os; Happy Reeducation Camp we
	    run in Greenland.</para>
	</listitem>

	<listitem>
	  <para>When in doubt on any procedure, ask first!</para>

	  <para>Many mistakes are made because someone is in a hurry
	    and just assumes they know the right way of doing
	    something.  If you have not done it before, chances are
	    good that you do not actually know the way we do things
	    and really need to ask first or you are going to
	    completely embarrass yourself in public.  There is no
	    shame in asking
	    <quote>how in the heck do I do this?</quote>  We already
	    know you are an intelligent person; otherwise, you would
	    not be a committer.</para>
	</listitem>

	<listitem>
	  <para>Test your changes before committing them.</para>

	  <para>This may sound obvious, but if it really were so
	    obvious then we probably would not see so many cases of
	    people clearly not doing this.  If your changes are to the
	    kernel, make sure you can still compile both GENERIC and
	    LINT.  If your changes are anywhere else, make sure you
	    can still make world.  If your changes are to a branch,
	    make sure your testing occurs with a machine which is
	    running that code.  If you have a change which also may
	    break another architecture, be sure and test on all
	    supported architectures.  Please refer to the
	    <link xlink:href="https://www.FreeBSD.org/internal/">&os;
	      Internal Page</link> for a list of available resources.
	    As other architectures are added to the &os; supported
	    platforms list, the appropriate shared testing resources
	    will be made available.</para>
	</listitem>

	<listitem>
	  <para>Do not commit to contributed software without
	    <emphasis>explicit</emphasis> approval from the respective
	    maintainers.</para>

	  <para>Contributed software is anything under the
	    <filename>src/contrib</filename>,
	    <filename>src/crypto</filename>, or
	    <filename>src/sys/contrib</filename> trees.</para>

	  <para>The trees mentioned above are for contributed software
	    usually imported onto a vendor branch.  Committing
	    something there may cause unnecessary headaches
	    when importing newer versions of the software.  As a
	    general consider sending patches upstream to the vendor.
	    Patches may be committed to FreeBSD first with permission
	    of the maintainer.</para>

	  <para>Reasons for modifying upstream software range from
	    wanting strict control over a tightly coupled dependency
	    to lack of portability in the canonical repository's
	    distribution of their code.  Regardless of the reason,
	    effort to minimize the maintenance burden of fork is
	    helpful to fellow maintainers.  Avoid committing trivial
	    or cosmetic changes to files since it makes every merge
	    thereafter more difficult: such patches need to be
	    manually re-verified every import.</para>

	  <para>If a particular piece of software lacks a maintainer,
	    you are encouraged to take up ownership.  If you are unsure
	    of the current maintainership email &a.arch; and
	    ask.</para>
	</listitem>
      </orderedlist>
    </sect2>

    <sect2>
      <title>Policy on Multiple Architectures</title>

      <para>&os; has added several new architecture ports during
	recent release cycles and is truly no longer an &i386; centric
	operating system.  In an effort to make it easier to keep
	&os; portable across the platforms we support, core has
	developed this mandate:</para>

      <blockquote>
	<para>Our 32-bit reference platform is &arch.i386;, and our
	  64-bit reference platform is &arch.amd64;.  Major design
	  work (including major API and ABI changes) must prove
	  itself on at least one 32-bit and at least one 64-bit
	  platform, preferably the primary reference platforms,
	  before it may be committed to the source tree.</para>
      </blockquote>

      <para>The &arch.i386; and &arch.amd64; platforms were chosen
	due to being more readily available to developers and as
	representatives of more diverse processor and system designs -
	big versus little endian, register file versus register stack,
	different DMA and cache implementations, hardware page tables
	versus software TLB management etc.</para>

      <para>We will continue to re-evaluate this policy as cost and
	availability of the 64-bit platforms change.</para>

      <para>Developers should also be aware of our Tier Policy for
	the long term support of hardware architectures.  The rules
	here are intended to provide guidance during the development
	process, and are distinct from the requirements for features
	and architectures listed in that section.  The Tier rules for
	feature support on architectures at release-time are more
	strict than the rules for changes during the development
	process.</para>
    </sect2>

    <sect2>
      <title>Other Suggestions</title>

      <para>When committing documentation changes, use a spell checker
	before committing.  For all XML docs, verify that the
	formatting directives are correct by running
	<command>make lint</command> and
	<package>textproc/igor</package>.</para>

      <para>For manual pages, run <package>sysutils/manck</package>
	and <package>textproc/igor</package>
	over the manual page to verify all of the cross
	references and file references are correct and that the man
	page has all of the appropriate <varname>MLINK</varname>s
	installed.</para>

      <para>Do not mix style fixes with new functionality.  A style
	fix is any change which does not modify the functionality of
	the code.  Mixing the changes obfuscates the functionality
	change when asking for differences between revisions, which
	can hide any new bugs.  Do not include whitespace changes with
	content changes in commits to <filename>doc/</filename> .
	The extra clutter in the diffs
	makes the translators' job much more difficult.  Instead, make
	any style or whitespace changes in separate commits that are
	clearly labeled as such in the commit message.</para>
    </sect2>

    <sect2>
      <title>Deprecating Features</title>

      <para>When it is necessary to remove functionality from software
	in the base system, follow these guidelines
	whenever possible:</para>

      <orderedlist>
	<listitem>
	  <para>Mention is made in the manual page and possibly the
	    release notes that the option, utility, or interface is
	    deprecated.  Use of the deprecated feature generates a
	    warning.</para>
	</listitem>

	<listitem>
	  <para>The option, utility, or interface is preserved until
	    the next major (point zero) release.</para>
	</listitem>

	<listitem>
	  <para>The option, utility, or interface is removed and no
	    longer documented.  It is now obsolete.  It is also
	    generally a good idea to note its removal in the release
	    notes.</para>
	</listitem>
      </orderedlist>
    </sect2>

    <sect2>
      <title>Privacy and Confidentiality</title>

      <orderedlist>
	<listitem>
	  <para>Most &os; business is done in public.</para>

	  <para>&os; is an <emphasis>open</emphasis> project.  Which
	    means that not only can anyone use the source code, but
	    that most of the development process is open to public
	    scrutiny.</para>
	</listitem>

	<listitem>
	  <para>Certain sensitive matters must remain private or
	    held under embargo.</para>

	  <para>There unfortunately cannot be complete transparency.
	    As a &os; developer you will have a certain degree of
	    privileged access to information.  Consequently you are
	    expected to respect certain requirements for
	    confidentiality.  Sometimes the need for confidentiality
	    comes from external collaborators or has a specific time
	    limit.  Mostly though, it is a matter of not releasing
	    private communications.</para>
	</listitem>

	<listitem>
	  <para>The Security Officer has sole control over the
	    release of security advisories.</para>

	  <para>Where there are security problems that affect many
	    different operating systems, &os; frequently depends on
	    early access to be able to prepare advisories for
	    coordinated release.  Unless &os; developers can be
	    trusted to maintain security, such early access will not
	    be made available.  The Security Officer is responsible
	    for controlling pre-release access to information about
	    vulnerabilities, and for timing the release of all
	    advisories.  He may request help under condition of
	    confidentiality from any developer with relevant knowledge
	    to prepare security fixes.</para>
	</listitem>

	<listitem>
	  <para>Communications with Core are kept confidential for as
	    long as necessary.</para>

	  <para>Communications to core will initially be treated as
	    confidential.  Eventually however, most of Core's business
	    will be summarized into the monthly or quarterly core
	    reports.  Care will be taken to avoid publicising any
	    sensitive details.  Records of some particularly sensitive
	    subjects may not be reported on at all and will be
	    retained only in Core's private archives.</para>
	</listitem>

	<listitem>
	  <para>Non-disclosure Agreements may be required for access
	    to certain commercially sensitive data.</para>

	  <para>Access to certain commercially sensitive data may
	    only be available under a Non-Disclosure Agreement.  The
	    FreeBSD Foundation legal staff must be consulted before
	    any binding agreements are entered into.</para>
	</listitem>

	<listitem>
	  <para>Private communications must not be made
	    public without permission.</para>

	  <para>Beyond the specific requirements above there is a
	    general expectation not to publish private communications
	    between developers without the consent of all parties
	    involved.  Ask permission before forwarding a message onto
	    a public mailing list, or posting it to a forum or website
	    that can be accessed by other than the original
	    correspondents.</para>
	</listitem>

	<listitem>
	  <para>Communications on project-only or restricted access
	    channels must be kept private.</para>

	  <para>Similarly to personal communications, certain
	    internal communications channels, including &os; Committer
	    only mailing lists and restricted access IRC channels
	    are considered private communications.  Permission is
	    required to publish material from these
	    sources.</para>
	</listitem>

	<listitem>
	  <para>Core may approve publication.</para>

	  <para>Where it is impractical to obtain permission due to
	    the number of correspondents or where permission to
	    publish is unreasonably withheld, Core may approve release
	    of such private matters that merit more general
	    publication.</para>
	</listitem>
      </orderedlist>
    </sect2>
  </sect1>

  <sect1 xml:id="archs">
    <title>Support for Multiple Architectures</title>

    <para>&os; is a highly portable operating system intended to
      function on many different types of hardware architectures.
      Maintaining clean separation of Machine Dependent (MD) and
      Machine Independent (MI) code, as well as minimizing MD code, is
      an important part of our strategy to remain agile with regards
      to current hardware trends.  Each new hardware architecture
      supported by &os; adds substantially to the cost of code
      maintenance, toolchain support, and release engineering.  It
      also dramatically increases the cost of effective testing of
      kernel changes.  As such, there is strong motivation to
      differentiate between classes of support for various
      architectures while remaining strong in a few key architectures
      that are seen as the &os; <quote>target audience</quote>.</para>

    <sect2>
      <title>Statement of General Intent</title>

      <para>The &os; Project targets "production quality commercial
	off-the-shelf (COTS) workstation, server, and high-end
	embedded systems".  By retaining a focus on a narrow set of
	architectures of interest in these environments, the &os;
	Project is able to maintain high levels of quality, stability,
	and performance, as well as minimize the load on various
	support teams on the project, such as the ports team,
	documentation team, security officer, and release engineering
	teams.  Diversity in hardware support broadens the options for
	&os; consumers by offering new features and usage
	opportunities, but these benefits must always
	be carefully considered in terms of the real-world maintenance
	cost associated with additional platform support.</para>

      <para>The &os; Project differentiates platform targets into four
	tiers.  Each tier includes a list of guarantees consumers may
	rely on as well as obligations by the Project and developers
	to fulfill those guarantees.  These lists define the minimum
	guarantees for each tier.  The Project and developers may
	provide additional levels of support beyond the minimum
	guarantees for a given tier, but such additional support is
	not guaranteed.  Each platform target is assigned to a
	specific tier for each stable branch.  As a result, a platform
	target might be assigned to different tiers on concurrent
	stable branches.</para>
    </sect2>

    <sect2>
      <title>Platform Targets</title>

      <para>Support for a hardware platform consists of two
	components: kernel support and userland Application Binary
	Interfaces (ABIs).  Kernel platform support includes things
	needed to run a &os; kernel on a hardware platform such as
	machine-dependent virtual memory management and device
	drivers.  A userland ABI specifies an interface for user
	processes to interact with a &os; kernel and base system
	libraries.  A userland ABI includes system call interfaces,
	the layout and semantics of public data structures, and the
	layout and semantics of arguments passed to subroutines.  Some
	components of an ABI may be defined by specifications such as
	the layout of C++ exception objects or calling conventions for
	C functions.</para>

      <para>A &os; kernel also uses an ABI (sometimes referred to as
	the Kernel Binary Interface (KBI)) which includes the
	semantics and layouts of public data structures and the layout
	and semantics of arguments to public functions within the
	kernel itself.</para>

      <para>A &os; kernel may support multiple userland ABIs.  For
	example, &os;'s amd64 kernel supports &os; amd64 and i386
	userland ABIs as well as Linux x86_64 and i386 userland ABIs.
	A &os; kernel should support a <quote>native</quote> ABI as
	the default ABI.  The native <quote>ABI</quote> generally
	shares certain properties with the kernel ABI such as the C
	calling convention, sizes of basic types, etc.</para>

      <para>Tiers are defined for both kernels and userland ABIs.  In
	the common case, a platform's kernel and &os; ABIs are
	assigned to the same tier.</para>
    </sect2>

    <sect2>
      <title>Tier 1: Fully-Supported Architectures</title>

      <para>Tier 1 platforms are the most mature &os; platforms.
	They are supported by the security officer, release
	engineering, and port management teams.  Tier 1 architectures
	are expected to be Production Quality with respect to all
	aspects of the &os; operating system, including installation
	and development environments.</para>

      <para>The &os; Project provides the following guarantees to
	consumers of Tier 1 platforms:</para>

      <itemizedlist>
	<listitem>
	  <para>Official &os; release images will be provided by the
	    release engineering team.</para>
	</listitem>
	<listitem>
	  <para>Binary updates and source patches for Security
	    Advisories and Errata Notices will be provided for
	    supported releases.</para>
	</listitem>
	<listitem>
	  <para>Source patches for Security Advisories will be
	    provided for supported branches.</para>
	</listitem>
	<listitem>
	  <para>Binary updates and source patches for cross-platform
	    Security Advisories will typically be provided at the time
	    of the announcement.</para>
	</listitem>
	<listitem>
	  <para>Changes to userland ABIs will generally include
	    compatibility shims to ensure correct operation of
	    binaries compiled against any stable branch where the
	    platform is Tier 1.  These shims might not be enabled in
	    the default install.  If compatibility shims are not
	    provided for an ABI change, the lack of shims will be
	    clearly documented in the release notes.</para>
	</listitem>
	<listitem>
	  <para>Changes to certain portions of the kernel ABI will
	    include compatibility shims to ensure correct operation of
	    kernel modules compiled against the oldest supported
	    release on the branch.  Note that not all parts of the
	    kernel ABI are protected.</para>
	</listitem>
	<listitem>
	  <para>Official binary packages for third party software will
	    be provided by the ports team.  For embedded
	    architectures, these packages may be cross-built from a
	    different architecture.</para>
	</listitem>
	<listitem>
	  <para>Most relevant ports should either build or have the
	    appropriate filters to prevent inappropriate ones from
	    building.</para>
	</listitem>
	<listitem>
	  <para>New features which are not inherently
	    platform-specific will be fully functional on all Tier 1
	    architectures.</para>
	</listitem>
	<listitem>
	  <para>Features and compatibility shims used by binaries
	    compiled against older stable branches may be removed in
	    newer major versions.  Such removals will be clearly
	    documented in the release notes.</para>
	</listitem>
	<listitem>
	  <para>Tier 1 platforms should be fully documented.  Basic
	    operations will be documented in the &os; Handbook.</para>
	</listitem>
	<listitem>
	  <para>Tier 1 platforms will be included in the source
	    tree.</para>
	</listitem>
	<listitem>
	  <para>Tier 1 platforms should be self-hosting either via the
	    in-tree toolchain or an external toolchain.  If an
	    external toolchain is required, official binary packages
	    for an external toolchain will be provided.</para>
	</listitem>
      </itemizedlist>

      <para>To maintain maturity of Tier 1 platforms, the &os; Project
	will maintain the following resources to support
	development:</para>

      <itemizedlist>
	<listitem>
	  <para>Build and test automation support either in the
	    FreeBSD.org cluster or some other location easily
	    available for all developers.  Embedded platforms may
	    substitute an emulator available in the FreeBSD.org
	    cluster for actual hardware.</para>
	</listitem>
	<listitem>
	  <para>Inclusion in the <userinput>make universe</userinput>
	    and <userinput>make tinderbox</userinput> targets.</para>
	</listitem>
	<listitem>
	  <para>Dedicated hardware in one of the &os; clusters for
	    package building (either natively or via
	    qemu-user).</para>
	</listitem>
      </itemizedlist>

      <para>Collectively, developers are required to provide the
	following to maintain the Tier 1 status of a platform:</para>

      <itemizedlist>
	<listitem>
	  <para>Changes to the source tree should not knowingly break
	    the build of a Tier 1 platform.</para>
	</listitem>
	<listitem>
	  <para>Tier 1 architectures must have a mature, healthy
	    ecosystem of users and active developers.</para>
	</listitem>
	<listitem>
	  <para>Developers should be able to build packages on
	    commonly available, non-embedded Tier 1 systems.  This can
	    mean either native builds if non-embedded systems are
	    commonly available for the platform in question, or it can
	    mean cross-builds hosted on some other Tier 1
	    architecture.</para>
	</listitem>
	<listitem>
	  <para>Changes cannot break the userland ABI.  If an ABI
	    change is required, ABI compatibility for existing
	    binaries should be provided via use of symbol versioning
	    or shared library version bumps.</para>
	</listitem>
	<listitem>
	  <para>Changes merged to stable branches cannot break the
	    protected portions of the kernel ABI.  If a kernel ABI
	    change is required, the change should be modified to
	    preserve functionality of existing kernel modules.</para>
	</listitem>
      </itemizedlist>
    </sect2>

    <sect2>
      <title>Tier 2: Developmental and Niche Architectures</title>

      <para>Tier 2 platforms are functional, but less mature &os;
	platforms.  They are not supported by the security officer,
	release engineering, and port management teams.</para>

      <para>Tier 2 platforms may be Tier 1 platform candidates that
	are still under active development.  Architectures reaching
	end of life may also be moved from Tier 1 status to Tier 2
	status as the availability of resources to continue to
	maintain the system in a Production Quality state diminishes.
	Well-supported niche architectures may also be Tier 2.</para>

      <para>The &os; Project provides the following guarantees to
	consumers of Tier 2 platforms:</para>

      <itemizedlist>
	<listitem>
	  <para>The ports infrastructure should include basic support
	    for Tier 2 architectures sufficient to support building
	    ports and packages.  This includes support for basic
	    packages such as ports-mgmt/pkg, but there is no guarantee
	    that arbitrary ports will be buildable or
	    functional.</para>
	</listitem>
	<listitem>
	  <para>New features which are not inherently
	    platform-specific should be feasible on all Tier 2
	    architectures if not implemented.</para>
	</listitem>
	<listitem>
	  <para>Tier 2 platforms will be included in the source
	    tree.</para>
	</listitem>
	<listitem>
	  <para>Tier 2 platforms should be self-hosting either via the
	    in-tree toolchain or an external toolchain.  If an
	    external toolchain is required, official binary packages
	    for an external toolchain will be provided.</para>
	</listitem>
	<listitem>
	  <para>Tier 2 platforms should provide functional kernels and
	    userlands even if an official release distribution is not
	    provided.</para>
	</listitem>
      </itemizedlist>

      <para>To maintain maturity of Tier 2 platforms, the &os; Project
	will maintain the following resources to support
	development:</para>

      <itemizedlist>
	<listitem>
	  <para>Inclusion in the <userinput>make universe</userinput>
	    and <userinput>make tinderbox</userinput> targets.</para>
	</listitem>
      </itemizedlist>

      <para>Collectively, developers are required to provide the
	following to maintain the Tier 2 status of a platform:</para>

      <itemizedlist>
	<listitem>
	  <para>Changes to the source tree should not knowingly break
	    the build of a Tier 2 platform.</para>
	</listitem>
	<listitem>
	  <para>Tier 2 architectures must have an active ecosystem of
	    users and developers.</para>
	</listitem>
	<listitem>
	  <para>While changes are permitted to break the userland ABI,
	    the ABI should not be broken gratuitously.  Significant
	    userland ABI changes should be restricted to major
	    versions.</para>
	</listitem>
	<listitem>
	  <para>New features that are not yet implemented on Tier 2
	    architectures should provide a means of disabling them on
	    those architectures.</para>
	</listitem>
      </itemizedlist>
    </sect2>

    <sect2>
      <title>Tier 3: Experimental Architectures</title>

      <para>Tier 3 platforms have at least partial &os; support.  They
	are <emphasis>not</emphasis> supported by the security
	officer, release engineering, and port management
	teams.</para>

      <para>Tier 3 platforms are architectures in the early stages of
	development, for non-mainstream hardware platforms, or which
	are considered legacy systems unlikely to see broad future
	use.  Initial support for Tier 3 platforms may exist in a
	separate repository rather than the main source
	repository.</para>

      <para>The &os; Project provides no guarantees to consumers of
	Tier 3 platforms and is not committed to maintaining resources
	to support development.  Tier 3 platforms may not always be
	buildable, nor are any kernel or userland ABIs considered
	stable.</para>
    </sect2>

    <sect2>
      <title>Tier 4: Unsupported Architectures</title>

      <para>Tier 4 platforms are not supported in any form by the
	project.</para>

      <para>All systems not otherwise classified are Tier 4 systems.
	When a platform transitions to Tier 4, all support for the
	platform is removed from the source and ports trees.  Note
	that ports support should remain as long as the platform is
	supported in a branch supported by ports.</para>
    </sect2>

    <sect2>
      <title>Policy on Changing the Tier of an Architecture</title>

      <para>Systems may only be moved from one tier to another by
	approval of the &os; Core Team, which shall make that decision
	in collaboration with the Security Officer, Release
	Engineering, and ports management teams.  For a platform to be
	promoted to a higher tier, any missing support guarantees must
	be satisfied before the promotion is completed.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="ports">
    <title>Ports Specific FAQ</title>

    <qandaset>
      <qandadiv xml:id="ports-qa-adding">
	<title>Adding a New Port</title>

	<qandaentry xml:id="ports-qa-add-new">
	  <question>
	    <para>How do I add a new port?</para>
	  </question>

	  <answer>
	    <para>First, please read the section about repository
	      copies.</para>

	    <para>The easiest way to add a new port is the
	      <command>addport</command> script located in the
	      <filename>ports/Tools/scripts</filename> directory.  It
	      adds a port from the directory specified, determining
	      the category automatically from the port
	      <filename>Makefile</filename>.  It also adds an entry to
	      the port's category <filename>Makefile</filename>.  It
	      was written by &a.mharo.email;, &a.will.email;, and
	      &a.garga.email;.  When sending questions about this
	      script to the &a.ports;, please also CC &a.crees.email;,
	      the current maintainer.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-add-new-extra">
	  <question>
	    <para>Any other things I need to know when I add a new
	      port?</para>
	  </question>

	  <answer>
	    <para>Check the port, preferably to make sure it compiles
	      and packages correctly.  This is the recommended
	      sequence:</para>

	    <screen>&prompt.root; <userinput>make install</userinput>
&prompt.root; <userinput>make package</userinput>
&prompt.root; <userinput>make deinstall</userinput>
&prompt.root; <userinput>pkg add <replaceable>package you built above</replaceable></userinput>
&prompt.root; <userinput>make deinstall</userinput>
&prompt.root; <userinput>make reinstall</userinput>
&prompt.root; <userinput>make package</userinput></screen>

	    <para>The <link
		xlink:href="&url.books.porters-handbook;/index.html">Porters
		Handbook</link> contains more detailed
	      instructions.</para>

	    <para>Use &man.portlint.1; to check the syntax of the
	      port.  You do not necessarily have to eliminate all
	      warnings but make sure you have fixed the simple
	      ones.</para>

	    <para>If the port came from a submitter who has not
	      contributed to the Project before, add that person's
	      name to the <link
		xlink:href="&url.articles.contributors;/contrib-additional.html">Additional
		Contributors</link> section of the &os;
	      Contributors List.</para>

	    <para>Close the PR if the port came in as a PR.  To close
	      a PR, change the state to <literal>Issue
		Resolved</literal> and the resolution as
	      <literal>Fixed</literal>.</para>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-removing">
	<title>Removing an Existing Port</title>

	<qandaentry xml:id="ports-qa-remove-one">
	  <question>
	    <para>How do I remove an existing port?</para>
	  </question>

	  <answer>
	    <para>First, please read the section about repository
	      copies.  Before you remove the port, you have to verify
	      there are no other ports depending on it.</para>

	    <itemizedlist>
	      <listitem>
		<para>Make sure there is no dependency on the port
		  in the ports collection:</para>

		<itemizedlist>
		  <listitem>
		    <para>The port's PKGNAME appears in exactly
		      one line in a recent INDEX file.</para>
		  </listitem>

		  <listitem>
		    <para>No other ports contains any reference
		      to the port's directory or PKGNAME in their
		      Makefiles</para>

		    <tip>
		      <para>When using <application>Git</application>,
			consider using <command>git grep</command>, it
			is much faster than <command>grep
			  -r</command>.</para>
		    </tip>
		  </listitem>
		</itemizedlist>
	      </listitem>

	      <listitem>
		<para>Then, remove the port:</para>

		<procedure>
		  <step>
		    <para>Remove the port's files and directory with
		      <command>svn remove</command>.</para>
		  </step>

		  <step>
		    <para>Remove the <varname>SUBDIR</varname> listing
		      of the port in the parent directory
		      <filename>Makefile</filename>.</para>
		  </step>

		  <step>
		    <para>Add an entry to
		      <filename>ports/MOVED</filename>.</para>
		  </step>

		  <step>
		    <para>Search for entries in
		      <filename>ports/security/vuxml/vuln.xml</filename>
		      and adjust them accordingly.  In particular,
		      check for previous packages with the new name
		      which version could include the new port.</para>
		  </step>

		  <step>
		    <para>Remove the port from
		      <filename>ports/LEGAL</filename> if it is
		      there.</para>
		  </step>
		</procedure>
	      </listitem>
	    </itemizedlist>

	    <para>Alternatively, you can use the
	      <command>rmport</command> script, from
	      <filename>ports/Tools/scripts</filename>.  This script
	      was written by &a.vd.email;.  When sending questions
	      about this script to the &a.ports;, please also CC
	      &a.crees.email;, the current maintainer.</para>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-re-adding">
	<title>Re-adding a Deleted Port</title>

	<qandaentry xml:id="ports-qa-resurrect">
	  <question>
	    <para>How do I re-add a deleted port?</para>
	  </question>

	  <answer>
	    <para>This is essentially the reverse of deleting a
	      port.</para>

	    <important>
	      <para>Do not use <command>svn add</command> to add the
		port.  Follow these steps.  If they are unclear, or
		are not working, ask for help, do not just
		<command>svn add</command> the port.</para>
	    </important>

	    <procedure>
	      <step>
		<para>Figure out when the port was removed.  Use this
		  <link
		    xlink:href="https://people.FreeBSD.org/~crees/removed_ports/index.xml">list</link>,
		  or look for the port on <link
		    xlink:href="http://www.freshports.org/">freshports</link>,
		  and then copy the last living revision of the
		  port:</para>

		<screen>&prompt.user; <userinput>cd /usr/ports/<replaceable>category</replaceable></userinput>
&prompt.user; <userinput>svn cp 'svn+ssh://repo.freebsd.org/ports/head/<replaceable>category</replaceable>/<replaceable>portname</replaceable>/@<replaceable>XXXXXX</replaceable>' <replaceable>portname</replaceable></userinput></screen>

		<para>Pick the revision that is just before the
		  removal.  For example, if the revision where it was
		  removed is <literal>269874</literal>, use
		  <literal>269873</literal>.</para>

		<para>It is also possible to specify a date.  In that
		  case, pick a date that is before the removal but
		  after the last commit to the port.</para>

		<screen>&prompt.user; <userinput>cd /usr/ports/<replaceable>category</replaceable></userinput>
&prompt.user; <userinput>svn cp 'svn+ssh://repo.freebsd.org/ports/head/<replaceable>category</replaceable>/<replaceable>portname</replaceable>/@{<replaceable>YYYY-MM-DD</replaceable>}' <replaceable>portname</replaceable></userinput></screen>
	      </step>

	      <step>
		<para>Make the changes necessary to get the port
		  working again.  If it was deleted because the
		  distfiles are no longer available, either
		  volunteer to host the distfiles, or find someone
		  else to do so.</para>
	      </step>

	      <step>
		<para>If some files have been added, or were removed
		  during the resurrection process, use <command>svn
		    add</command> or <command>svn remove</command> to
		  make sure all the files in the port will be
		  committed.</para>
	      </step>

	      <step>
		<para>Restore the <varname>SUBDIR</varname> listing of
		  the port in the parent directory
		  <filename>Makefile</filename>, keeping the entries
		  sorted.</para>
	      </step>

	      <step>
		<para>Delete the port entry from
		  <filename>ports/MOVED</filename>.</para>
	      </step>

	      <step>
		<para>If the port had an entry in
		  <filename>ports/LEGAL</filename>, restore it.</para>
	      </step>

	      <step>
		<para><command>svn commit</command> these changes,
		  preferably in one step.</para>
	      </step>
	    </procedure>

	    <tip>
	      <para>The <command>addport</command> script mentioned in
		<xref linkend="ports-qa-adding"/> now detects when the
		port to add has previously existed, and attempts to
		handle all except the <filename>ports/LEGAL</filename>
		step automatically.</para>
	    </tip>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-repocopies">
	<title>Repository Copies</title>

	<qandaentry xml:id="ports-qa-repocopy-when">
	  <question>
	    <para>When do we need a repository copy?</para>
	  </question>

	  <answer>
	    <para>When you want to add a port that is related to any
	      port that is already in the tree in a separate
	      directory, you have to do a repository copy.  Here
	      <wordasword>related</wordasword> means it is a different
	      version or a slightly modified version.  Examples are
	      <filename>print/ghostscript*</filename> (different
	      versions) and <filename>x11-wm/windowmaker*</filename>
	      (English-only and internationalized version).</para>

	    <para>Another example is when a port is moved from one
	      subdirectory to another, or when the name of a directory
	      must be changed because the authors renamed their
	      software even though it is a descendant of a port
	      already in a tree.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-repocopy-how">
	  <question>
	    <para>What do I need to do?</para>
	  </question>

	  <answer>
	    <para>With Subversion, a repo copy can be done by any
	      committer:</para>

	    <itemizedlist>
	      <listitem>
		<para>Doing a repo copy:</para>

		<procedure>
		  <step>
		    <para>Verify that the target directory does
		      not exist.</para>
		  </step>

		  <step>
		    <para>Use <command>svn up</command> to make
		      certain the original files, directories, and
		      checkout information is current.</para>
		  </step>

		  <step>
		    <para>Use <command>svn move</command> or
		      <command>svn copy</command> to do the repo
		      copy.</para>
		  </step>

		  <step>
		    <para>Upgrade the copied port to the new version.
		      Remember to add or change the
		      <varname>PKGNAMEPREFIX</varname> or
		      <varname>PKGNAMESUFFIX</varname> so there are no
		      duplicate ports with the same name.  In some
		      rare cases it may be necessary to change the
		      <varname>PORTNAME</varname> instead of adding
		      <varname>PKGNAMEPREFIX</varname> or
		      <varname>PKGNAMESUFFIX</varname>, but this is
		      only done when it is really needed &mdash; for
		      example, using an existing port as the base for
		      a very similar program with a different name, or
		      upgrading a port to a new upstream version which
		      actually changes the distribution name, like the
		      transition from
		      <filename>textproc/libxml</filename> to
		      <filename>textproc/libxml2</filename>.  In most
		      cases, adding or changing
		      <varname>PKGNAMEPREFIX</varname> or
		      <varname>PKGNAMESUFFIX</varname>
		      suffices.</para>
		  </step>

		  <step>
		    <para>Add the new subdirectory to the
		      <varname>SUBDIR</varname> listing in the parent
		      directory <filename>Makefile</filename>.  You
		      can run <command>make checksubdirs</command> in
		      the parent directory to check this.</para>
		  </step>

		  <step>
		    <para>If the port changed categories, modify the
		      <varname>CATEGORIES</varname> line of the port's
		      <filename>Makefile</filename> accordingly</para>
		  </step>

		  <step>
		    <para>Add an entry to
		      <filename>ports/MOVED</filename>, if you remove
		      the original port.</para>
		  </step>

		  <step>
		    <para>Commit all changes on one commit.</para>
		  </step>
		</procedure>
	      </listitem>

	      <listitem>
		<para>When removing a port:</para>

		<procedure>
		  <step>
		    <para>Perform a thorough check of the ports
		      collection for any dependencies on the old port
		      location/name, and update them.  Running
		      <command>grep</command> on
		      <filename>INDEX</filename> is not enough because
		      some ports have dependencies enabled by
		      compile-time options.  A full
		      <command>grep -r</command> of the ports
		      collection is recommended.</para>
		  </step>

		  <step>
		    <para>Remove the old port and the
		      old <varname>SUBDIR</varname> entry.</para>
		  </step>

		  <step>
		    <para>Add an entry to
		      <filename>ports/MOVED</filename>.</para>
		  </step>
		</procedure>
	      </listitem>

	      <listitem>
		<para>After repo moves (<quote>rename</quote>
		  operations where a port is copied and the old
		  location is removed):</para>

		<procedure>
		  <step>
		    <para>Follow the same steps that are outlined in
		      the previous two entries, to activate the new
		      location of the port and remove the old
		      one.</para>
		  </step>
		</procedure>
	      </listitem>
	    </itemizedlist>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-freeze">
	<title>Ports Freeze</title>

	<qandaentry xml:id="ports-qa-freeze-what">
	  <question>
	    <para>What is a <quote>ports freeze</quote>?</para>
	  </question>

	  <answer>
	    <para>A <quote>ports freeze</quote> was a restricted state
	      the ports tree was put in before a release.  It was used
	      to ensure a higher quality for the packages shipped with
	      a release.  It usually lasted a couple of weeks.  During
	      that time, build problems were fixed, and the release
	      packages were built.  This practice is no longer used,
	      as the packages for the releases are built from the
	      current stable, quarterly branch.</para>

	    <para>For more information on how to merge commits to the
	      quarterly branch, see <xref
		linkend="ports-qa-misc-request-mfh"/>.</para>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-quarterly">
	<title>Quarterly Branches</title>

	<qandaentry xml:id="ports-qa-misc-request-mfh">
	  <question>
	    <para>What is the procedure to request authorization for
	      merging a commit to the quarterly branch?</para>
	  </question>

	  <answer>
	    <para>When doing the commit, add the branch name to the
	      <literal>MFH:</literal> line, for example:</para>

	    <programlisting>MFH:	<replaceable>2014Q1</replaceable></programlisting>

	    <para>It will automatically notify the &a.ports-secteam;
	      and the &a.portmgr;.  They will then decide if the
	      commit can be merged and answer with the
	      procedure.</para>

	    <para>If the commit has already been made, send an email
	      to the &a.ports-secteam; and the &a.portmgr; with the
	      revision number and a small description of why the
	      commit needs to be merged.</para>

	    <tip>
	      <para>If the MFH is covered by a blanket approval,
		please explain why with a couple of words on the
		<literal>MFH</literal> line, so that the reviewing
		team can skip this commit and save time.  For
		example:</para>

	      <programlisting>MFH:  <replaceable>2014Q1 (runtime fix)</replaceable>
MFH:  <replaceable>2014Q1 (browser blanket)</replaceable></programlisting>

	      <para>The list of blanket approvals is available in
		<xref linkend="ports-qa-blanket"/>.</para>
	    </tip>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-blanket">
	  <question>
	    <para>Are there any changes that can be merged without
	      asking for approval?</para>
	  </question>

	  <answer>
	    <para>The following blanket approvals for merging to the
	      quarterly branches are in effect:</para>

	    <note>
	      <para>This blanket approval also applies to direct
		commits for ports that have been removed from
		<literal>head</literal>.</para>
	    </note>

	    <important>
	      <para>These fixes <emphasis>must</emphasis> be
		tested on the quarterly branch.</para>
	    </important>

	    <itemizedlist>

	      <listitem>
		<para>Fixes that do not result in a change in contents
		  of the resulting package.  For example:</para>

		<itemizedlist>
		  <listitem>
		    <para><filename>pkg-descr</filename>:
		      <literal>WWW:</literal> URL updates (existing
		      404, moved or incorrect)</para>
		  </listitem>
		</itemizedlist>
	      </listitem>

	      <listitem>
		<para>Build, runtime or packaging fixes, if the
		  quarterly branch version is currently broken.</para>
	      </listitem>

	      <listitem>
		<para>Missing dependencies (detected, linked against
		  but not registered via
		  <varname><replaceable>*</replaceable>_DEPENDS</varname>).</para>
	      </listitem>

	      <listitem>
		<para>Fixing <link
		    xlink:href="&url.books.porters-handbook;/uses-shebangfix.html">shebangs</link>,
		  stripping installed libraries and binaries, and
		  plist fixes.</para>
	      </listitem>

	      <listitem>
		<para>Backport of security and reliability fixes which
		  only result in <varname>PORTREVISION</varname> bumps
		  and no changes to enabled features.  for example,
		  adding a patch fixing a buffer overflow.</para>
	      </listitem>

	      <listitem>
		<para>Minor version changes that do nothing but fix
		  security or crash-related issues.</para>
	      </listitem>

	      <listitem>
		<para>Adding/fixing
		  <varname>CONFLICTS</varname>.</para>
	      </listitem>

	      <listitem>
		<para>Web Browsers, browser plugins, and their
		  required dependencies.</para>
	      </listitem>
	    </itemizedlist>

	    <important>
	      <para>Commits that are not covered by these blanket
		approvals always require explicit approval of either
		&a.ports-secteam; or &a.portmgr;.</para>
	    </important>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-misc-commit-mfh">
	  <question>
	    <para>What is the procedure for merging commits to the
	      quarterly branch?</para>
	  </question>

	  <answer>
	    <para>A script is provided to automate merging a specific
	      commit: <filename>ports/Tools/scripts/mfh</filename>.
	      It is used as follows:</para>

	    <screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/mfh 380362</userinput>
 U   2015Q1
Checked out revision 380443.
A    2015Q1/security
Updating '2015Q1/security/rubygem-sshkit':
A    2015Q1/security/rubygem-sshkit
A    2015Q1/security/rubygem-sshkit/Makefile
A    2015Q1/security/rubygem-sshkit/distinfo
A    2015Q1/security/rubygem-sshkit/pkg-descr
Updated to revision 380443.
--- Merging r380362 into '2015Q1':
U    2015Q1/security/rubygem-sshkit/Makefile
U    2015Q1/security/rubygem-sshkit/distinfo
--- Recording mergeinfo for merge of r380362 into '2015Q1':
 U   2015Q1
--- Recording mergeinfo for merge of r380362 into '2015Q1/security':
 G   2015Q1/security
--- Eliding mergeinfo from '2015Q1/security':
 U   2015Q1/security
--- Recording mergeinfo for merge of r380362 into '2015Q1/security/rubygem-sshkit':
 G   2015Q1/security/rubygem-sshkit
--- Eliding mergeinfo from '2015Q1/security/rubygem-sshkit':
 U   2015Q1/security/rubygem-sshkit
 M      2015Q1
M       2015Q1/security/rubygem-sshkit/Makefile
M       2015Q1/security/rubygem-sshkit/distinfo
Index: 2015Q1/security/rubygem-sshkit/Makefile
===================================================================
--- 2015Q1/security/rubygem-sshkit/Makefile     (revision 380443)
+++ 2015Q1/security/rubygem-sshkit/Makefile     (working copy)
@@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=      sshkit
-PORTVERSION=   1.6.1
+PORTVERSION=   1.7.0
 CATEGORIES=    security rubygems
 MASTER_SITES=  RG

Index: 2015Q1/security/rubygem-sshkit/distinfo
===================================================================
--- 2015Q1/security/rubygem-sshkit/distinfo     (revision 380443)
+++ 2015Q1/security/rubygem-sshkit/distinfo     (working copy)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/sshkit-1.6.1.gem) = 8ca67e46bb4ea50fdb0553cda77552f3e41b17a5aa919877d93875dfa22c03a7
-SIZE (rubygem/sshkit-1.6.1.gem) = 135680
+SHA256 (rubygem/sshkit-1.7.0.gem) = 90effd1813363bae7355f4a45ebc8335a8ca74acc8d0933ba6ee6d40f281a2cf
+SIZE (rubygem/sshkit-1.7.0.gem) = 136192
Index: 2015Q1
===================================================================
--- 2015Q1      (revision 380443)
+++ 2015Q1      (working copy)

Property changes on: 2015Q1
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /head:r380362
Do you want to commit? (no = start a shell) [y/n]</screen>

	    <para>At that point, the script will either open a shell
	      for you to fix things, or open your text editor with the
	      commit message all prepared and then commit the
	      merge.</para>

	    <para>The script assumes that you can connect to
	      <literal>repo.FreeBSD.org</literal> with
	      <application>SSH</application> directly, so if your
	      local login name is different than your &os; cluster
	      account, you need a few lines in your
	      <filename>~/.ssh/config</filename>:</para>

	    <programlisting>Host *.freebsd.org
    User <replaceable>freebsd-login</replaceable></programlisting>

	    <tip>
	      <para>The script is also able to merge more than one
		revision at a time.  If there have been other updates
		to the port since the branch was created that have not
		been merged because they were not security related.
		Add the different revisions <emphasis>in the order
		  they were committed</emphasis> on the
		<command>mfh</command> line.  The new commit log
		message will contain the combined log messages from
		all the original commits.  These messages
		<emphasis>must</emphasis> be edited to show what is
		actually being done with the new commit.</para>

	      <screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/mfh r407208 r407713 r407722 r408567 r408943 r410728</userinput></screen>
	    </tip>

	    <note>
	      <para>The mfh script can also take an optional first
		argument, the branch where the merge is being done.
		Only the latest quarterly branch is supported, so
		specifying the branch is discouraged.  To be safe, the
		script will give a warning if the quarterly branch is
		not the latest:</para>

	      <screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/mfh 2016Q1 r407208 r407713</userinput>
/!\ The latest branch is 2016Q2, do you really want to commit to 2016Q1? [y/n]</screen>
	    </note>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-new-category">
	<title>Creating a New Category</title>

	<qandaentry xml:id="ports-qa-new-category-how">
	  <question>
	    <para>What is the procedure for creating a new
	      category?</para>
	  </question>

	  <answer>
	    <para>Please see <link
		xlink:href="&url.books.porters-handbook;/makefile-categories.html#proposing-categories">
		Proposing a New Category</link> in the Porter's
	      Handbook.  Once that procedure has been followed and the
	      PR has been assigned to the &a.portmgr;, it is their
	      decision whether or not to approve it.  If they do, it
	      is their responsibility to:</para>

	    <procedure>
	      <step>
		<para>Perform any needed moves.  (This only applies
		  to physical categories.)</para>
	      </step>

	      <step>
		<para>Update the <varname>VALID_CATEGORIES</varname>
		  definition in
		  <filename>ports/Mk/bsd.port.mk</filename>.</para>
	      </step>

	      <step>
		<para>Assign the PR back to you.</para>
	      </step>
	    </procedure>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-new-category-physical">
	  <question>
	    <para>What do I need to do to implement a new physical
	      category?</para>
	  </question>

	  <answer>
	    <procedure>
	      <step>
		<para>Upgrade each moved port's
		  <filename>Makefile</filename>.  Do not connect the
		  new category to the build yet.</para>

		<para>To do this, you will need to:</para>

		<procedure>
		  <step>
		    <para>Change the port's
		      <varname>CATEGORIES</varname> (this was the
		      point of the exercise, remember?)  The new
		      category is listed
		      <emphasis>first</emphasis>.  This will help to
		      ensure that the <varname>PKGORIGIN</varname> is
		      correct.</para>
		  </step>

		  <step>
		    <para>Run a <command>make describe</command>.
		      Since the top-level
		      <command>make index</command> that you will be
		      running in a few steps is an iteration of
		      <command>make describe</command> over the entire
		      ports hierarchy, catching any errors here will
		      save you having to re-run that step later
		      on.</para>
		  </step>

		  <step>
		    <para>If you want to be really thorough, now
		      might be a good time to run
		      &man.portlint.1;.</para>
		  </step>
		</procedure>
	      </step>

	      <step>
		<para>Check that the <varname>PKGORIGIN</varname>s are
		  correct.  The ports system uses each port's
		  <varname>CATEGORIES</varname> entry to create its
		  <varname>PKGORIGIN</varname>, which is used to
		  connect installed packages to the port directory
		  they were built from.  If this entry is wrong,
		  common port tools like &man.pkg.version.1; and
		  &man.portupgrade.1; fail.</para>

		<para>To do this, use the
		  <filename>chkorigin.sh</filename> tool:
		  <command>env
		  PORTSDIR=<replaceable>/path/to/ports</replaceable>
		  sh -e
		  <replaceable>/path/to/ports</replaceable>/Tools/scripts/chkorigin.sh</command>.
		  This will check <emphasis>every</emphasis> port in
		  the ports tree, even those not connected to the
		  build, so you can run it directly after the move
		  operation.  Hint: do not forget to look at the
		  <varname>PKGORIGIN</varname>s of any slave ports of
		  the ports you just moved!</para>
	      </step>

	      <step>
		<para>On your own local system, test the proposed
		  changes: first, comment out the
		  <varname>SUBDIR</varname> entries in the old ports'
		  categories' <filename>Makefile</filename>s; then
		  enable building the new category in
		  <filename>ports/Makefile</filename>.  Run
		  <command>make checksubdirs</command> in the affected
		  category directories to check the
		  <varname>SUBDIR</varname> entries.  Next, in the
		  <filename>ports/</filename>
		  directory, run <command>make index</command>.  This
		  can take over 40 minutes on even modern systems;
		  however, it is a necessary step to prevent problems
		  for other people.</para>
	      </step>

	      <step>
		<para>Once this is done, you can commit the updated
		  <filename>ports/Makefile</filename> to connect the
		  new category to the build and also commit the
		  <filename>Makefile</filename> changes for the old
		  category or categories.</para>
	      </step>

	      <step>
		<para>Add appropriate entries to
		  <filename>ports/MOVED</filename>.</para>
	      </step>

	      <step>
		<para>Update the documentation by modifying:</para>

		<itemizedlist>
		  <listitem>
		    <para>the <link
			xlink:href="&url.books.porters-handbook;/makefile-categories.html#PORTING-CATEGORIES">list
			of categories</link> in the Porter's
		      Handbook</para>
		  </listitem>

		  <listitem>
		    <para><filename>doc/en_US.ISO8859-1/htdocs/ports</filename>.
		      Note that these are now displayed by sub-groups,
		      as specified in
		      <filename>doc/en_US.ISO8859-1/htdocs/ports/categories.descriptions</filename>.</para>
		  </listitem>
		</itemizedlist>

		<para>(Note: these are in the docs, not the ports,
		  repository).  If you are not a docs committer, you
		  will need to submit a PR for this.</para>
	      </step>

	      <step>
		<para>Only once all the above have been done, and no
		  one is any longer reporting problems with the new
		  ports, should the old ports be deleted from their
		  previous locations in the repository.</para>
	      </step>
	    </procedure>

	    <para>It is not necessary to manually update the
	      <link xlink:href="&url.base;/ports/index.html">ports web
		pages</link> to reflect the new category.  This is
	      done automatically via the change to
	      <filename>en_US.ISO8859-1/htdocs/ports/categories</filename>
	      and the automated rebuild of
	      <filename>INDEX</filename>.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-new-category-virtual">
	  <question>
	    <para>What do I need to do to implement a new virtual
	      category?</para>
	  </question>

	  <answer>
	    <para>This is much simpler than a physical category.  Only
	      a few modifications are needed:</para>

	    <itemizedlist>
	      <listitem>
		<para>the <link
		    xlink:href="&url.books.porters-handbook;/makefile-categories.html#PORTING-CATEGORIES">list
		    of categories</link> in the Porter's
		  Handbook</para>
	      </listitem>

	      <listitem>
		<para><filename>en_US.ISO8859-1/htdocs/ports/categories</filename></para>
	      </listitem>
	    </itemizedlist>
	  </answer>
	</qandaentry>
      </qandadiv>

      <qandadiv xml:id="ports-qa-misc-questions">
	<title>Miscellaneous Questions</title>

	<qandaentry xml:id="ports-qa-misc-blanket-approval">
	  <question>
	    <para>Are there changes that can be committed without
	      asking the maintainer for approval?</para>
	  </question>

	  <answer>
	    <para>Blanket approval for most ports applies to these
	      types of fixes:</para>

	    <itemizedlist>
	      <listitem>
		<para>Most infrastructure changes to a port (that is,
		  modernizing, but not changing the functionality).
		  For example, the blanket covers converting to new
		  <varname>USES</varname> macros, enabling verbose
		  builds, and switching to new ports system
		  syntaxes.</para>
	      </listitem>

	      <listitem>
		<para>Trivial and <emphasis>tested</emphasis> build
		  and runtime fixes.</para>
	      </listitem>

	      <listitem>
		<para>Documentations or metadata changes to ports,
		  like <filename>pkg-descr</filename> or
		  <varname>COMMENT</varname>.</para>
	      </listitem>
	    </itemizedlist>

	    <important>
	      <para>Exceptions to this are anything maintained by the
		&a.portmgr;, or the &a.security-officer;.  No
		unauthorized commits may ever be made to ports
		maintained by those groups.</para>
	    </important>

	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-misc-correctly-building">
	  <question>
	    <para>How do I know if my port is building correctly or
	      not?</para>
	  </question>

	  <answer>
	    <para>The packages are built multiple times each week.  If
	      a port fails, the maintainer will receive an email from
	      <literal>pkg-fallout@FreeBSD.org</literal>.</para>

	    <para>Reports for all the package builds (official,
	      experimental, and non-regression) are aggregated at
	      <link
		xlink:href="https://pkg-status.freebsd.org/">pkg-status.FreeBSD.org</link>.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-misc-INDEX">
	  <question>
	    <para>I added a new port.  Do I need to add it to the
	      <filename>INDEX</filename>?</para>
	  </question>

	  <answer>
	    <para>No.  The file can either be generated by running
	      <command>make index</command>, or a pre-generated
	      version can be downloaded with
	      <command>make fetchindex</command>.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-misc-no-touch">
	  <question>
	    <para>Are there any other files I am not allowed to
	      touch?</para>
	  </question>

	  <answer>
	    <para>Any file directly under <filename>ports/</filename>,
	      or any file under a subdirectory that starts with an
	      uppercase letter (<filename>Mk/</filename>,
	      <filename>Tools/</filename>, etc.).  In particular, the
	      &a.portmgr; is very protective of
	      <filename>ports/Mk/bsd.port*.mk</filename> so do not
	      commit changes to those files unless you want to face
	      their wrath.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-qa-misc-updated-distfile">
	  <question>
	    <para>What is the proper procedure for updating the
	      checksum for a port distfile when the file changes
	      without a version change?</para>
	  </question>

	  <answer>
	    <para>When the checksum for a distribution file is updated
	      due to the author updating the file without changing the
	      port revision, the commit message includes a
	      summary of the relevant diffs between the original and
	      new distfile to ensure that the distfile has not been
	      corrupted or maliciously altered.  If the current
	      version of the port has been in the ports tree for a
	      while, a copy of the old distfile will usually be
	      available on the ftp servers; otherwise the author or
	      maintainer should be contacted to find out why the
	      distfile has changed.</para>
	  </answer>
	</qandaentry>

	<qandaentry xml:id="ports-exp-run">
	  <question>
	    <para>How can an experimental test build of the ports tree
	      (<emphasis>exp-run</emphasis>) be requested?</para>
	  </question>

	  <answer>
	    <para>An exp-run must be completed before patches with a
	      significant ports impact are committed.  The patch can
	      be against the ports tree or the base system.</para>

	    <para>Full package builds will be done with the patches
	      provided by the submitter, and the submitter is required
	      to fix detected problems (<emphasis>fallout</emphasis>)
	      before commit.</para>

	    <procedure>
	      <step>
		<para>Go to the <link
		    xlink:href="https://bugs.freebsd.org/submit">Bugzilla
		    new <acronym>PR</acronym> page</link>.</para>
	      </step>

	      <step>
		<para>Select the product your patch is about.</para>
	      </step>

	      <step>
		<para>Fill in the bug report as normal.  Remember to
		  attach the patch.</para>
	      </step>

	      <step>
		<para>If at the top it says <quote>Show Advanced
		    Fields</quote> click on it.  It will now say
		  <quote>Hide Advanced Fields</quote>.  Many new
		  fields will be available.  If it already says
		  <quote>Hide Advanced Fields</quote>, no need to do
		  anything.</para>
	      </step>

	      <step>
		<para>In the <quote>Flags</quote> section, set the
		  <quote>exp-run</quote> one to <literal>?</literal>.
		  As for all other fields, hovering the mouse over any
		  field shows more details.</para>
	      </step>

	      <step>
		<para>Submit.  Wait for the build to run.</para>
	      </step>

	      <step>
		<para>&a.portmgr; will reply with a possible
		  fallout.</para>
	      </step>

	      <step>
		<para>Depending on the fallout:</para>

		<stepalternatives>
		  <step>
		    <para>If there is no fallout, the procedure stops
		      here, and the change can be committed, pending
		      any other approval required.</para>
		  </step>

		  <step>
		    <substeps>
		      <step>
			<para>If there is fallout, it
			  <emphasis>must</emphasis> be fixed, either
			  by fixing the ports directly in the ports
			  tree, or adding to the submitted
			  patch.</para>
		      </step>

		      <step>
			<para>When this is done, go back to step 6
			  saying the fallout was fixed and wait for
			  the exp-run to be run again.  Repeat as long
			  as there are broken ports.</para>
		      </step>
		    </substeps>
		  </step>
		</stepalternatives>
	      </step>
	    </procedure>
	  </answer>
	</qandaentry>
      </qandadiv>
    </qandaset>
  </sect1>

  <sect1 xml:id="non-committers">
    <title>Issues Specific to Developers Who Are Not
      Committers</title>

    <para>A few people who have access to the &os; machines do not
      have commit bits.  Almost all of this document will apply to
      these developers as well (except things specific to commits and
      the mailing list memberships that go with them).  In particular,
      we recommend that you read:</para>

    <itemizedlist>
      <listitem>
	<para><link linkend="admin">Administrative
	    Details</link></para>
      </listitem>

      <listitem>
	<para><link
	    linkend="conventions-everyone">Conventions</link></para>

	<note>
	  <para>Get your mentor to add you to the
	    <quote>Additional Contributors</quote>
	    (<filename>doc/en_US.ISO8859-1/articles/contributors/contrib.additional.xml</filename>),
	    if you are not already listed there.</para>
	</note>
      </listitem>

      <listitem>
	<para><link linkend="developer.relations">Developer
	    Relations</link></para>
      </listitem>

      <listitem>
	<para><link linkend="ssh.guide">SSH Quick-Start
	    Guide</link></para>
      </listitem>

      <listitem>
	<para><link linkend="rules">The &os; Committers' Big List
	    of Rules</link></para>
      </listitem>
    </itemizedlist>

  </sect1>

  <sect1 xml:id="google-analytics">
    <title>Information About &ga;</title>

    <para>As of December 12, 2012, &ga; was enabled on the
      &os;&nbsp;Project website to collect anonymized usage statistics
      regarding usage of the site.  The information collected is
      valuable to the &os;&nbsp;Documentation Project, to
      identify various problems on the &os; website.</para>

    <sect2 xml:id="google-analytics-policy">
      <title>&ga; General Policy</title>

      <para>The &os;&nbsp;Project takes visitor privacy very
	seriously.  As such, the &os;&nbsp;Project website honors the
	<quote>Do Not Track</quote> header <emphasis>before</emphasis>
	fetching the tracking code from Google.  For more information,
	please see the
	<link xlink:href="https://www.FreeBSD.org/privacy.html">&os;
	  Privacy Policy</link>.</para>

      <para>&ga; access is <emphasis>not</emphasis> arbitrarily
	allowed &mdash; access must be requested, voted on by the
	&a.doceng;, and explicitly granted.</para>

      <para>Requests for &ga; data must include a specific purpose.
	For example, a valid reason for requesting access would be
	<quote>to see the most frequently used web browsers when
	  viewing &os; web pages to ensure page rendering speeds are
	  acceptable.</quote></para>

      <para>Conversely, <quote>to see what web browsers are most
	  frequently used</quote> (without stating
	<emphasis>why</emphasis>) would be rejected.</para>

      <para>All requests must include the timeframe for which the data
	would be required.  For example, it must be explicitly stated
	if the requested data would be needed for a timeframe covering
	a span of 3 weeks, or if the request would be one-time
	only.</para>

      <para>Any request for &ga; data without a clear, reasonable
	reason beneficial to the &os;&nbsp;Project will be
	rejected.</para>
    </sect2>

    <sect2 xml:id="google-analytics-data">
      <title>Data Available Through &ga;</title>

      <para>A few examples of the types of &ga; data available
	include:</para>

      <itemizedlist>
	<listitem>
	  <para>Commonly used web browsers</para>
	</listitem>

	<listitem>
	  <para>Page load times</para>
	</listitem>

	<listitem>
	  <para>Site access by language</para>
	</listitem>
      </itemizedlist>
    </sect2>
  </sect1>

  <sect1 xml:id="misc">
    <title>Miscellaneous Questions</title>

    <qandaset>
      <qandaentry>
	<question>
	  <para>How do I add a new file to a branch?</para>
	</question>

	<answer>
	  <para>To add a file onto a branch, simply checkout or update
	    to the branch you want to add to and then add the file
	    using the add operation as you normally would.  This works
	    fine for the <literal>doc</literal> and
	    <literal>ports</literal> trees.  The
	    <literal>src</literal> tree uses SVN and requires more
	    care because of the <literal>mergeinfo</literal>
	    properties.  See the
	    <link linkend="subversion-primer">Subversion Primer</link>
	    for details on how to perform an MFC.</para>
	</answer>
      </qandaentry>

      <qandaentry>
	<question>
	  <para>How do I access <systemitem
	      class="fqdomainname">people.FreeBSD.org</systemitem> to
	    put up personal or project information?</para>
	</question>

	<answer>
	  <para><systemitem
	      class="fqdomainname">people.FreeBSD.org</systemitem> is
	    the same as <systemitem
	      class="fqdomainname">freefall.FreeBSD.org</systemitem>.
	    Just create a <filename>public_html</filename> directory.
	    Anything you place in that directory will automatically be
	    visible under <uri
	      xlink:href="https://people.FreeBSD.org/">https://people.FreeBSD.org/</uri>.</para>
	</answer>
      </qandaentry>

      <qandaentry>
	<question>
	  <para>Where are the mailing list archives stored?</para>
	</question>

	<answer>
	  <para>The mailing lists are archived under
	    <filename>/local/mail</filename> on <systemitem
	      class="fqdomainname"
	      >freefall.FreeBSD.org</systemitem>.</para>
	</answer>
      </qandaentry>

      <qandaentry>
	<question>
	  <para>I would like to mentor a new committer.  What process
	    do I need to follow?</para>
	</question>

	<answer>
	  <para>See the <link
	      xlink:href="https://www.freebsd.org/internal/new-account.html">New
	      Account Creation Procedure</link> document on the
	    internal pages.</para>
	</answer>
      </qandaentry>
    </qandaset>
  </sect1>

  <sect1 xml:id="benefits">
    <title>Benefits and Perks for &os; Committers</title>

    <sect2 xml:id="benefits-recognition">
      <title>Recognition</title>

      <para>Recognition as a competent software engineer is the
	longest lasting value.  In addition, getting a chance to work
	with some of the best people that every engineer would dream
	of meeting is a great perk!</para>
    </sect2>

    <sect2 xml:id="benefits-freebsdmall">
      <title>FreeBSD Mall</title>

      <para>&os; committers can get a free 4-CD or DVD set at
	conferences from
	<link xlink:href="http://www.freebsdmall.com">&os; Mall,
	  Inc.</link>.</para>
    </sect2>

    <sect2 xml:id="benefits-irc">
      <title><acronym>IRC</acronym></title>

      <para>In addition, developers may request a cloaked hostmask
	for their account on the Freenode IRC network in the form
	of
	<literal>freebsd/developer/</literal><replaceable>freefall
	  name</replaceable> or
	<literal>freebsd/developer/</literal><replaceable>NickServ
	  name</replaceable>.  To request a cloak, send an email to
	&a.irc.email; with your requested hostmask and NickServ
	account name.</para>
    </sect2>

    <sect2 xml:id="benefits-gandi">
      <title><systemitem
	  class="domainname">Gandi.net</systemitem></title>

      <para>Gandi provides website hosting, cloud computing, domain
	registration, and X.509 certificate services.</para>

      <para>Gandi offers an E-rate discount to all &os; developers.
	Send mail to <email>non-profit@gandi.net</email> using your
	<literal>@freebsd.org</literal> mail address, and indicate
	your Gandi handle.</para>
    </sect2>
  </sect1>
</article>