Main

• Home
• News
• Instructions
• Packages
• Mailinglists
• Contribute

Documentation

• FAQ

Miscellaneous

• Uploaders
  • Jessie
  • Jessie-sloppy
  • Stretch
• NEW Queue
• Diffstats
  • jessie
  • jessie-sloppy
  • stretch
• Feedback

Packaging

Introduction

The packages on debian-backports are made by volunteers. If you like to help with backporting packages from the Debian archive, make sure you follow these guidelines.

Uploading

Debian Developers

All Debian Developers (DD) can get their uid into the backports ACL. If you want to get include please open a ticket in the debian request tracker - please use the backports queue for the ticket. (See wiki for more information about the request tracker). Once your UID is added, wait an hour for the cronjob to import your upload rights and you can start uploading.

The upload happens in the same way as normal uploads to the archive happens, just the distribution have to match one of the backports distributions (jessie-backports, jessie-backports-sloppy, stretch-backports)

The special host in dupload/dput that was needed in the past is now obsolete and doesn't work anymore.

Debian Maintainers

Debian Maintainers (DM) can also get their uid into the backports ACL. Please follow the instructions for Debian Developers.

Please note that:

• Any upload of a package that has to pass through the backports NEW queue (e.g. package not already in that specific backports suite, package adds a new binary package, etc.) needs to be sponsored by a Debian Developer and cannot be done by a Debian Maintainer themselves. (Same as uploading to unstable.) Otherwise, DMs may upload directly.
• The Debian Maintainer needs to have upload rights for the specific package they want to upload to backports (the same right they need for uploading that package to unstable), otherwise the upload will not succeed. Therefore, if you are a DM that isn't also maintaining the package in unstable, please talk to the regular maintainer first before requesting upload rights for that package. (It is considered good practice to inform the maintainer regardless, see below.) See the DebianMaintainer page in the Debian wiki for instructions for DDs on how to give upload rights to DMs.

Non Debian Developer

If you are not a Debian Developer, please upload your backport somewhere (binaries and sources, e.g. to mentors.debian.net), post a link to its .dsc file on debian-backports@lists.debian.org and ask for review and upload.

Some important note

Please note, that you are responsible for this backport from the time on when it was accepted on debian-backports. This means, you have to keep track of the changes in unstable, update your backport when a new version enters testing and provide security updates when needed. If you are not willing or capable of doing this, you better ask someone else (e.g. on the mentioned mailing list) to create and maintain the backport.

Supported Distributions

The following distributions are supported for backports. Please don't use unstable or stable as target distribution.

Source Distribution	Backports Distribution	Version suffix
stretch	jessie-backports	~bpo8+1
buster	stretch-backports or jessie-backports-sloppy	~bpo9+1 or ~bpo8+1

Basic Rules

• Subscribe to the backports mailing list. Every announcement and bug report should come over this mailing list, so this is a must.
• Make sure that you have a proper build environment that only contains the suite for which the backport is for (e.g. jessie if you want to upload to jessie-backports) and no unneeded backports. Maybe you want to consider pbuilder or cowbuilder for building packages.
• Append "~bpo${debian_release}+${build_int}" to the version number, e.g. "1.2.3-4" now becomes "1.2.3-4~bpo8+1", or for native packages, "1.2.3" becomes "1.2.3~bpo8+1".
• Please only upload package with a notable userbase. User request for the package may be an indicator.
• Don't backport minor version changes without any user visible changes or bugfixes
• To guarantee an upgrade path from stable+backports to the next stable, the package should be in testing.. Of course there are some exceptions: Security updates. If your package had a security update you can upload a new backport even if its not yet in testing. If you have good reasons to update a package which is already is in backports with a newer version from unstable (which is intended for testing), come and speak to us. Common exceptions are: critical bugs fixed, library transitions.
• Do not do any changes to the package beside of backporting stuff.
• It is recommended to include all changelog entries since the last version on debian-backports or since stable if it's the first version. You should do this by passing "-v" to dpkg-buildpackage. Eg: "debuild -v0.7.5-2", where "0.7.5-2" is the version in stable. If the package wasn't in stable or backports before you don't have include the changelog entries (but you are free to do so). It helps others to follow the changes introduced with the backport (by reading the changes mailing list).
• Before uploading please think about how useful the package is for stable users and if you want to support the package until support for the distribution you uploaded ends. You should consider adding yourself to the Uploaders field of the debian/control file or subscribing to the package though PTS. What is important is that you track the package for the lifetime of the release cycle (stable and oldstable).
• Backports of an updated version of a package that was backported before may have a changelog that merges entries of backports of previous versions, but this is not required.
• If the packages lists a VCS in the debian/control file, please ask the maintainer of the package to add your changes there, or ask for permission to do it yourself.

If you feel you would need to diverge from these rules, either discuss it on the mailing list or bring it up with the Backports Team for an exception.

Uploads for old-stable backports

With the release of a new stable version uploading packages with versions greater than in new stable or new stable-security are not allowed. If you want newer package versions in old-stable-backports we created a new suite for that: oldstable-backports-sloppy. So if you want to upload a package from buster to jessie-backports use jessie-backports-sloppy as target distribution.

Additionally

• Do not lower the standards version, it is just useless.
• Do not add lintian/linda overrides to suppress the 'wrong-distribution' warnings.
• Do always look at the interdiff between the testing version and the backports version, keep in mind that it should be as minimal as possible.
• Do write good changelogs and document all changes you needed to do in order to make it run on stable.

Security Uploads

If you upload a package which fixes security related problem please create a ticket in the debian request tracker - please use the backports queue for the ticket. (See wiki for more information about the request tracker).

Please follow the following template and provide us with the required information to write a BSA. Please don't wait for the BSA and upload immediatly.

Subject: [BSA-XXX] Security Update for <packagename>

<Uploader> uploaded new packages for <packagename> which fixed the
following security problems:

CVE-XXXX or whatever ID if existant
  short description 
  ...
CVE-.... 
  ....

For the stretch-backports distribution the problems have been fixed in
version <packageversion>.

<other distributions if any> 

Best Practice

Check NEW queue

Check the NEW queue at https://ftp-master.debian.org/backports-new.html to avoid double efforts before you start to backport something.

Inform the Maintainer

It is a good idea to contact the maintainer of the package in Debian prior to your upload to let them know or even share ideas and common pitfalls (like special dependencies). If you are not already subscribed to debian-backports@lists.debian.org, please do so. There might be questions/problems from users regarding your backport(s) which you can answer best and hopefully solve. Also it is adviced to subscribe to the bug reports for the package through the PTS to be notified about issues that potential affect the backport too and would be a good reason to update the backports.

Inform the Backporter

If there is already a backport of your package of choice but it's outdated and you want to update it please inform the person who backported the last accepted version about your intentions. You can get the information from https://backports.debian.org/changes/stretch-backports.html

Uploaders

If you put yourself into the Uploaders: field in debian/control you can easily track your backports on the package overview at https://qa.debian.org/developer.php. Alternatively you can use the subscribe feature of the DDPO to have them listed.