1. Packaging
    1. Introduction
  2. Eligibility
    1. Package
    2. Maintainer
    3. Supported Distributions
  3. Packaging
  4. Security Uploads

Packaging

Introduction

The packages on debian-backports are made by volunteers. If you like to help with backporting packages from the Debian archive, make sure you follow these guidelines or ask on the mailing list for clarification.

Backports are about additional features that are only offered in a new version, not a replacement for getting fixes into stable - use stable-updates for that. Backports tracks testing and only package versions included in testing are allowed in it, subject to a few expedient exceptions.

Eligibility

If you feel you would need to diverge from these rules, either discuss it on the mailing list or bring it up with the Backports Team for an exception.

Package

Maintainer

Please note, that you are responsible for this backport from the time on when it was accepted on debian-backports. This means, you have to keep track of the changes in unstable, update your backport when a new version enters testing and provide security updates when needed. If you are not willing or capable of doing this, you better ask someone else (e.g. on the mailing list) to create and maintain the backport.

An Uploader for the unstable package is the ideal person to maintain a backport since they're already following the testing migration, so please contact them in the first instance (e.g. by raising a wishlist bug). However it is by no means required - perhaps they're not interested in supporting the full release cycle, but they know about complicated dependencies you should discuss.

Supported Distributions

The following distributions are supported for backports. Please don't use unstable or stable as target distribution. Append "~bpo${release}+${build}" to the version number, e.g. "1.2-3" becomes "1.2-3~bpo9+1" (or use dch --bpo).

Source Distribution Backports Distribution
buster stretch-backports

With the release of a new stable version uploading packages with versions greater than in new stable or new stable-security are not allowed. So if you want to upload a new package version from e.g. bullseye to stretch, use stretch-backports-sloppy as the target distribution.

Packaging

Security Uploads

If you upload a package which fixes a security related problem please create a ticket in the backports queue on the RT.

Please follow the following template and provide us with the required information to write a BSA. Please don't wait for the BSA and upload immediately.

Subject: [BSA-XXX] Security Update for <packagename>

<Uploader> uploaded new packages for <packagename> which fixed the
following security problems:

CVE-XXXX or whatever ID if existant
  short description
  ...
CVE-....
  ....

For the stretch-backports distribution the problems have been fixed in
version <packageversion>.

<other distributions if any>