1. Packaging
    1. Introduction
  2. Eligibility
    1. Package
    2. Maintainer
    3. Supported Distributions
  3. Packaging
  4. Security Uploads

Packaging

Introduction

The packages on debian-backports are made by volunteers. If you like to help with backporting packages from the Debian archive, make sure you follow these guidelines or ask on the mailing list for clarification.

Backports are about additional features that are only offered in a new version, not a replacement for getting fixes into stable - use stable-updates for that. Backports tracks testing and only package versions included in testing are allowed in it, subject to a few expedient exceptions.

Eligibility

If you feel you would need to diverge from these rules, either discuss it on the mailing list or bring it up with the Backports Team for an exception.

Package

Maintainer

Please note, that you are responsible for this backport from the time on when it was accepted on debian-backports. This means, you have to keep track of the changes in unstable, update your backport when a new version enters testing and provide security updates when needed. If you are not willing or capable of doing this, you better ask someone else (e.g. on the mailing list) to create and maintain the backport.

An Uploader for the unstable package is the ideal person to maintain a backport since they're already following the testing migration, so please contact them in the first instance (e.g. by raising a wishlist bug). However it is by no means required - perhaps they're not interested in supporting the full release cycle, but they know about complicated dependencies you should discuss.

Supported Distributions

The following distributions are supported for backports. Please don't use unstable or stable as target distribution. Append "~bpo${release}+${build}" to the version number, e.g. "1.2-3" becomes "1.2-3~bpo10+1" (or use dch --bpo).

Source Distribution Backports Distribution Sloppy Distribution
bookworm bullseye-backports -
trixie bookworm-backports bullseye-backports-sloppy

With the release of a new stable version uploading packages with versions greater than in new stable or new stable-security are not allowed. So if you want to upload a new package version from e.g. bookworm to buster, use buster-backports-sloppy as the target distribution. Please make sure that there is an upgrade path though, which means that you should also keep the package updated in bookworm-backports alongside.

Packaging

Security Uploads

If you upload a package which fixes a security related problem please create a merge request against backports website. Please increment the BSA numbers file BSA numbers file and check if there is already a pending merge request to ensure no number is used twice.

After you did so please send a signed mail that useses the following template and send it to debian-backports-announce@lists.debian.org.

Please don't wait for the merge request and upload / send the mail immediately.

Subject: [BSA-XXX] Security Update for <packagename>

<Uploader> uploaded new packages for <packagename> which fixed the
following security problems:

CVE-XXXX or whatever ID if existant
  short description
  ...
CVE-....
  ....

For the bullseye-backports distribution the problems have been fixed in
version <packageversion>.

<other distributions if any>