1. Packaging
    1. Introduction
  2. Uploading
    1. Debian Developers
    2. Debian Maintainers
    3. Non Debian Developer
    4. Some important note
    5. Supported Distributions
    6. Basic Rules
    7. Uploads for old-stable backports
    8. Additionally
  3. Security Uploads
  4. Best Practice
    1. Check NEW queue
    2. Inform the Maintainer
    3. Inform the Backporter
    4. Uploaders



The packages on debian-backports are made by volunteers. If you like to help with backporting packages from the Debian archive, make sure you follow these guidelines.


Debian Developers

All Debian Developers (DD) can get their uid into the backports ACL. If you want to get include please open a ticket in the debian request tracker - please use the backports queue for the ticket. (See wiki for more information about the request tracker). Once your UID is added, wait an hour for the cronjob to import your upload rights and you can start uploading.

The upload happens in the same way as normal uploads to the archive happens, just the distribution have to match one of the backports distributions (jessie-backports, jessie-backports-sloppy, stretch-backports)

The special host in dupload/dput that was needed in the past is now obsolete and doesn't work anymore.

Debian Maintainers

Debian Maintainers (DM) can also get their uid into the backports ACL. Please follow the instructions for Debian Developers.

Please note that:

Non Debian Developer

If you are not a Debian Developer, please upload your backport somewhere (binaries and sources, e.g. to mentors.debian.net), post a link to its .dsc file on debian-backports@lists.debian.org and ask for review and upload.

Some important note

Please note, that you are responsible for this backport from the time on when it was accepted on debian-backports. This means, you have to keep track of the changes in unstable, update your backport when a new version enters testing and provide security updates when needed. If you are not willing or capable of doing this, you better ask someone else (e.g. on the mentioned mailing list) to create and maintain the backport.

Supported Distributions

The following distributions are supported for backports. Please don't use unstable or stable as target distribution.

Source Distribution Backports Distribution Version suffix
stretch jessie-backports ~bpo8+1
buster stretch-backports or jessie-backports-sloppy ~bpo9+1 or ~bpo8+1

Basic Rules

If you feel you would need to diverge from these rules, either discuss it on the mailing list or bring it up with the Backports Team for an exception.

Uploads for old-stable backports

With the release of a new stable version uploading packages with versions greater than in new stable or new stable-security are not allowed. If you want newer package versions in old-stable-backports we created a new suite for that: oldstable-backports-sloppy. So if you want to upload a package from buster to jessie-backports use jessie-backports-sloppy as target distribution.


Security Uploads

If you upload a package which fixes security related problem please create a ticket in the debian request tracker - please use the backports queue for the ticket. (See wiki for more information about the request tracker).

Please follow the following template and provide us with the required information to write a BSA. Please don't wait for the BSA and upload immediatly.

Subject: [BSA-XXX] Security Update for <packagename>

<Uploader> uploaded new packages for <packagename> which fixed the
following security problems:

CVE-XXXX or whatever ID if existant
  short description 

For the stretch-backports distribution the problems have been fixed in
version <packageversion>.

<other distributions if any> 

Best Practice

Check NEW queue

Check the NEW queue at https://ftp-master.debian.org/backports-new.html to avoid double efforts before you start to backport something.

Inform the Maintainer

It is a good idea to contact the maintainer of the package in Debian prior to your upload to let them know or even share ideas and common pitfalls (like special dependencies). If you are not already subscribed to debian-backports@lists.debian.org, please do so. There might be questions/problems from users regarding your backport(s) which you can answer best and hopefully solve. Also it is adviced to subscribe to the bug reports for the package through the PTS to be notified about issues that potential affect the backport too and would be a good reason to update the backports.

Inform the Backporter

If there is already a backport of your package of choice but it's outdated and you want to update it please inform the person who backported the last accepted version about your intentions. You can get the information from https://backports.debian.org/changes/stretch-backports.html


If you put yourself into the Uploaders: field in debian/control you can easily track your backports on the package overview at https://qa.debian.org/developer.php. Alternatively you can use the subscribe feature of the DDPO to have them listed.