So, you've read all the documentation, you understand what everything
in the hello
example package is for, and you're about to
Debianize your favourite piece of software. How do you actually
become a Debian developer so that your work can be incorporated into
the Project?
Firstly, subscribe to debian-devel@lists.debian.org if you haven't already. Send the word subscribe in the Subject of an email to debian-devel-REQUEST@lists.debian.org. In case of problems, contact the list administrator at listmaster@lists.debian.org. More information on available mailing lists can be found in Mailing lists, section 4.1.
You should subscribe and lurk for a bit before doing any coding, and you should post about your intentions to work on something to avoid duplicated effort.
Another good list to subscribe to is debian-mentors@lists.debian.org. See Debian Mentors, section 2.3 for details. The IRC channel #debian on the Linux People IRC network (i.e., irc.debian.org) can also be helpful.
Before you decide to register with the Debian Project, you will need to read the Debian Social Contract. Registering as a developer means that you agree with and pledge to uphold the Debian Social Contract; it is very important that maintainers are in accord with the essential ideas behind Debian GNU/Linux. Reading the GNU Manifesto would also be a good idea.
The process of registering as a developer is a process of verifying your identity and intentions. As the number of people working on Debian GNU/Linux has grown to over 400 people and our systems are used in several very important places we have to be careful about being compromised. Therefore, we need to verify new maintainers before we can give them accounts on our servers and letting them upload packages.
Registration requires that the following information be sent to new-maintainer@debian.org as part of the registration application:
Some mechanism by which we can verify your real-life identity. For example, any of the following mechanisms would suffice:
A PGP key signed by any well-known signature, such as:
If you do not have a PGP key yet, generate one. Every developer needs a PGP key in order to sign and verify package uploads. You should read the PGP manual, since it has much important information which is critical to its security. Many more security failures are due to human error than to software failure or high-powered spy techniques.
Our standard is to use pgp
version 2.x. You can use
pgp
version 5, if and only if you make an RSA key. Note that
we are also working with the gpg
team so that we can have a
free alternative to PGP; however, this may take a little bit of time.
Your PGP key must be at least 1024 bits long. There is no reason to use a smaller key, and doing so would be much less secure. Your key must be signed with at least your own user ID. This prevents user ID tampering. You can do it by executing pgp -ks your_userid.
If your PGP key isn't on public key servers such as pgp5.ai.mit.edu, please read the documentation available locally /usr/doc/pgp/keyserv.doc. That document contains instructions on how to put your key on the public key servers. The New Maintainer Group will put your public key on the servers if it isn't already there.
Due to export restrictions by the United States government some Debian
packages, including PGP, have been moved to an ftp site outside of the
United States. You can find the current locations of those packages on
ftp.debian.org
or ftp.us.debian.org
in the
/pub/debian/README.non-US
file.
Some countries restrict the use of cryptographic software by their citizens. This need not impede one's activities as a Debian package maintainer however, as it may be perfectly legal to use cryptographic products for authentication, rather than encryption purposes (as is the case in France). The Debian Project does not require the use of cryptography qua cryptography in any manner. If you live in a country where use of cryptography even for authentication is forbidden then please contact us so we can make special arrangements.
Once you have all your information ready, and your public key is
available on public key servers, send a message to
new-maintainer@debian.org to register as an offical Debian
developer so that you will be able to upload your packages. This
message must contain all the information discussed above. The message
must also contain your PGP or RSA public key (extracted using pgp
-kxa in the case of PGP) for the database of keys which is
distributed from ftp.debian.org
in
/pub/debian/doc/debian-keyring.tar.gz
, or the
debian-keyring
package. Please be sure to sign your request
message with your chosen public key.
Once this information is received and processed, you should be contacted with information about your new Debian maintainer account. If you don't hear anything within 7-14 days, please send a followup message asking if your original application was received. Do not re-send your original application, that will just confuse the new-maintainer team. Please be patient, especially near release points; mistakes do occasionally happen, and people do sometimes run out of volunteer time.
A mailing list called debian-mentors@lists.debian.org which has been set up for novice maintainers who seek help with initial packaging and other developer-related issues. Every new developer is invited to subscribe to that list (see Mailing lists, section 4.1 for details).
Those who prefer one-on-one help (e.g., via private email) should also post to that list and an experienced developer will volunteer to help.