Packaging
Introduction
The packages on debian-backports are made by volunteers. If you like to help with backporting packages from the Debian archive, make sure you follow these guidelines.
Uploading
Debian Developers
All Debian Developers (DD) can get their key added to the backports keyring. If you want to get include please open a ticket in the debian request tracker - please use the backports queue for the ticket. (See wiki for more information about the request tracker). Once your key is imported, you can start uploading. If you are using dupload on testing/sid (there is a patched version of dput on debian-backports already), you can add
package config;
$cfg{'bpo'} = {
fqdn => "backports-master.debian.org",
incoming => "/pub/UploadQueue/",
};
1
to your ~/.dupload.conf file. For dput, the upload host "backports" is defined in the global configuration already. If you formerly used a snippet in your ~/.dput.cf file, be invited to remove that again.
Non Debian Developer
If you are not a Debian Developer, please upload your backport somewhere (binaries and sources, e.g. to mentors.debian.net), post a link to its .dsc file on debian-backports@lists.debian.org and ask for review and upload.
Some important note
Please note, that you are responsible for this backport from the time on when it was accepted on debian-backports. This means, you have to keep track of the changes in unstable, update your backport when a new version enters testing and provide security updates when needed. If you are not willing or capable of doing this, you better ask someone else (e.g. on the mentioned mailinglist) to create and maintain the backport.
Basic Rules
- Subscribe to the backports mailinglist. Every announcement and bugreport should come over this mailinglist, so this is a must.
- Use "squeeze-backports" as distribution, neither "stable" nor "unstable".
- Make sure that you have a proper build environment which only contains squeeze and no unneeded backports. Maybe you want to consider pbuilder or cowbuilder for building packages.
- Append "~bpo${debian_release}+${build_int}" to the version number, e.g. "1.2.3-4" now becomes "1.2.3-4~bpo60+1", or for native packages, "1.2.3" becomes "1.2.3~bpo60+1".
- Please only upload package with a noteable userbase. User request for the package may be an indicator.
- Don't backport minor version changes without any user visible changes or bugfixes
- To guarantee an upgrade path from stable+backports to the next stable, the package should be in testing.. Of course there are some exceptions: Security updates. If your package had a security update you can upload a new backport even if its not yet in testing. There are also some other exception for packages like the kernel, xorg or oo.org.
- Do not do any changes to the package beside of backporting stuff.
- Include all changelog entries since the last version on debian-backports or since stable if it's the first version. You should do this by passing "-v" to dpkg-buildpackage. Eg: "debuild -sa -v0.7.5-2", where "0.7.5-2" is the version in stable. If the package wasn't in stable or backports before you don't have include the changelog entrys (but you are free to do so).
- Before uploading please think about how useful the package is for stable users and if you want to support the package until support for the distribution you uploaded ends.
If you feel you would need to diverge from these rules, either discuss it on the mailinglist or bring it up with the Backports Team for an exception.
Additionally
- Do not lower the standards version, it is just useless.
- Do not add lintian/linda overrides to suppress the 'wrong-distribution' warnings.
- Do always look at the interdiff between the testing version and the backports version, keep in mind that it should be as minimal as possible.
- Do write good changelogs and document all changes you needed to do in order to make it run on stable.
Security Uploads
If you upload a package which fixes security related problems please send a gpg inline signed mail to the debian-backports-announce mailinglist.
In advance ask team@backports.debian.org for a new BSA number.
Your mail should follow this template:
Subject: [BSA-XXX] Security Update for <packagename>
<Uploader> uploaded new packages for <packagename> which fixed the
following security problems:
CVE-XXXX or whatever ID if existant
short description
...
CVE-....
....
For the squeeze-backports distribution the problems have been fixed in
version <packageversion>.
<other distributions if any>
The Mailinglist is moderated so please be a little bit patient if your post does not appear immediately on the list.
Best Practice
Check NEW queue
Check the NEW queue at http://backports.debian.org/dak/new.html to avoid double efforts before you start to backport something.
Inform the Maintainer
It is a good idea to contact the maintainer of the package in Debian prior to your upload to let them know or even share ideas and common pitfalls (like special dependencies). If you are not already subscribed to debian-backports@lists.debian.org, please do so. There might be questions/problems from users regarding your backport(s) which you can answer best and hopefully solve. Also it is adviced to subscribe to the bugreports for the package through the PTS to be notified about issues that potential affect the backport too and would be a good reason to update the backports.
Inform the Backporter
If there is already a backport of your package of choice but it's outdated and you want to update it please inform the person who backported the last accepted version about your intensions. You can get the information from http://backports.debian.org/changes/squeeze-backports.html
Uploaders
If you put yourself into the Uploaders: field in debian/control you can easily track your backports on the package overview at http://qa.debian.org/developer.php. Alternatively you can use the subscribe feature of the DDPO to have them listed.