1. Packaging
    1. Introduction
  2. Uploading
    1. Debian Developers
    2. Non Debian Developer
    3. Some important note
    4. Basic Rules
    5. Uploads for old-stable backports
    6. Additionally
  3. Security Uploads
  4. Best Practice
    1. Check NEW queue
    2. Inform the Maintainer
    3. Inform the Backporter
    4. Uploaders

Packaging

Introduction

The packages on debian-backports are made by volunteers. If you like to help with backporting packages from the Debian archive, make sure you follow these guidelines.

Uploading

Debian Developers

All Debian Developers (DD) can get their uid into the backports ACL. If you want to get include please open a ticket in the debian request tracker - please use the backports queue for the ticket. (See wiki for more information about the request tracker). Once your UID is added, wait an hour for the cronjob to import your upload rights and you can start uploading.

The upload happens in the same way as normal uploads to the archive happens, just the distribution have to match one of the backports distributions (squeeze-backports, squeeze-backports-sloppy, wheezy-backports)

The special host in dupload/dput that was needed in the past is now obsolete and doesn't work anymore.

Non Debian Developer

If you are not a Debian Developer, please upload your backport somewhere (binaries and sources, e.g. to mentors.debian.net), post a link to its .dsc file on debian-backports@lists.debian.org and ask for review and upload.

Some important note

Please note, that you are responsible for this backport from the time on when it was accepted on debian-backports. This means, you have to keep track of the changes in unstable, update your backport when a new version enters testing and provide security updates when needed. If you are not willing or capable of doing this, you better ask someone else (e.g. on the mentioned mailinglist) to create and maintain the backport.

Basic Rules

If you feel you would need to diverge from these rules, either discuss it on the mailinglist or bring it up with the Backports Team for an exception.

Uploads for old-stable backports

With the release of a new stable version uploading packages with versions greater than in new stable or new stable-security are not allowed. If you want newer package versions in old-stable-backports we created a new suite for that: old-stable-backports-sloppy. So if you want to upload a package from wheezy to lenny-backports use lenny-backports-sloppy a distribution.

Additionally

Security Uploads

If you upload a package which fixes security related problems please send a gpg inline signed mail to the debian-backports-announce mailinglist.

In advance ask backports-team@debian.org for a new BSA number.

Your mail should follow this template:

Subject: [BSA-XXX] Security Update for <packagename>

<Uploader> uploaded new packages for <packagename> which fixed the
following security problems:

CVE-XXXX or whatever ID if existant
  short description 
  ...
CVE-.... 
  ....

For the squeeze-backports distribution the problems have been fixed in
version <packageversion>.

<other distributions if any> 

The Mailinglist is moderated so please be a little bit patient if your post does not appear immediately on the list.

Best Practice

Check NEW queue

Check the NEW queue at http://ftp-master.debian.org/backports-new.html to avoid double efforts before you start to backport something.

Inform the Maintainer

It is a good idea to contact the maintainer of the package in Debian prior to your upload to let them know or even share ideas and common pitfalls (like special dependencies). If you are not already subscribed to debian-backports@lists.debian.org, please do so. There might be questions/problems from users regarding your backport(s) which you can answer best and hopefully solve. Also it is adviced to subscribe to the bugreports for the package through the PTS to be notified about issues that potential affect the backport too and would be a good reason to update the backports.

Inform the Backporter

If there is already a backport of your package of choice but it's outdated and you want to update it please inform the person who backported the last accepted version about your intensions. You can get the information from http://backports.debian.org/changes/squeeze-backports.html

Uploaders

If you put yourself into the Uploaders: field in debian/control you can easily track your backports on the package overview at http://qa.debian.org/developer.php. Alternatively you can use the subscribe feature of the DDPO to have them listed.