Whole document tree

Debian Developer's Reference
Chapter 2 - Applying to Become a Maintainer

2.1 Getting started

So, you've read all the documentation, you understand what everything in the hello example package is for, and you're about to Debianize your favourite piece of software. How do you actually become a Debian developer so that your work can be incorporated into the Project?

Firstly, subscribe to debian-devel@lists.debian.org if you haven't already. Send the word subscribe in the Subject of an email to debian-devel-REQUEST@lists.debian.org. In case of problems, contact the list administrator at listmaster@lists.debian.org. More information on available mailing lists can be found in Mailing lists, Section 4.1.

You should subscribe and lurk (that is, read without posting) for a bit before doing any coding, and you should post about your intentions to work on something to avoid duplicated effort.

Another good list to subscribe to is debian-mentors@lists.debian.org. See Debian Mentors, Section 2.3 for details. The IRC channel #debian on the Linux People IRC network (e.g., irc.debian.org) can also be helpful.

When you know how you want to contribute to Debian GNU/Linux, you should get in contact with existing Debian maintainers who are working on similar tasks. That way, you can learn from experienced developers. For example, if you are interested in packaging existing software for Debian you should try to get a sponsor. A sponsor will work together with you on your package and upload it to the Debian archive once he is happy with the packaging work you have done. You can find a sponsor by mailing the debian-mentors@lists.debian.org mailing list, describing your package and yourself and asking for a sponsor (see Sponsoring packages, Section 11.1 for more information on sponsoring). On the other hand, if you are interested in porting Debian to alternative architectures or kernels you can subscribe to port specific mailing lists and ask there how to get started. Finally, if you are interested in documentation or Quality Assurance (QA) work you can join maintainers already working on these tasks and submit patches and improvements.

2.2 Registering as a Debian developer

Before you decide to register with Debian GNU/Linux, you will need to read all the information available at the New Maintainer's Corner. It describes exactly the preparations you have to do before you can register to become a Debian developer. For example, before you apply, you have to to read the Debian Social Contract. Registering as a developer means that you agree with and pledge to uphold the Debian Social Contract; it is very important that maintainers are in accord with the essential ideas behind Debian GNU/Linux. Reading the GNU Manifesto would also be a good idea.

The process of registering as a developer is a process of verifying your identity and intentions, and checking your technical skills. As the number of people working on Debian GNU/Linux has grown to over 800 people and our systems are used in several very important places we have to be careful about being compromised. Therefore, we need to verify new maintainers before we can give them accounts on our servers and let them upload packages.

Before you actually register you should have shown that you can do competent work and will be a good contributor. You can show this by submitting patches through the Bug Tracking System or having a package sponsored by an existing maintainer for a while. Also, we expect that contributors are interested in the whole project and not just in maintaining their own packages. If you can help other maintainers by providing further information on a bug or even a patch, then do so!

Registration requires that you are familiar with Debian's philosophy and technical documentation. Furthermore, you need a GPG key which has been signed by an existing Debian maintainer. If your GPG key is not signed yet, you should try to meet a Debian maintainer in person to get your key signed. There's a GPG Key Signing Coordination page which should help you find a maintainer close to you (If you cannot find a Debian maintainer close to you, there's an alternative way to pass the ID check. You can send in a photo ID signed with your GPG key. Having your GPG key signed is the preferred way, however. See the identification page for more information about these two options.)

If you do not have an OpenPGP key yet, generate one. Every developer needs a OpenPGP key in order to sign and verify package uploads. You should read the manual for the software you are using, since it has much important information which is critical to its security. Many more security failures are due to human error than to software failure or high-powered spy techniques. See Maintaining Your Public Key, Section 3.2 for more information on maintaining your public key.

Debian uses the GNU Privacy Guard (package gnupg version 1 or better) as its baseline standard. You can use some other implementation of OpenPGP as well. Note that OpenPGP is a open standard based on RFC 2440.

The recommended public key algorithm for use in Debian development work is the DSA (sometimes call ``DSS'' or ``DH/ElGamal''). Other key types may be used however. Your key length must be at least 1024 bits; there is no reason to use a smaller key, and doing so would be much less secure. Your key must be signed with at least your own user ID; this prevents user ID tampering. gpg does this automatically.

If your public key isn't on public key servers such as pgp5.ai.mit.edu, please read the documentation available locally in /usr/share/doc/pgp/keyserv.doc. That document contains instructions on how to put your key on the public key servers. The New Maintainer Group will put your public key on the servers if it isn't already there.

Some countries restrict the use of cryptographic software by their citizens. This need not impede one's activities as a Debian package maintainer however, as it may be perfectly legal to use cryptographic products for authentication, rather than encryption purposes (as is the case in France). Debian GNU/Linux does not require the use of cryptography qua cryptography in any manner. If you live in a country where use of cryptography even for authentication is forbidden then please contact us so we can make special arrangements.

To apply as a new maintainer, you need an existing Debian maintainer to verify your application (an advocate). After you have contributed to Debian for a while, and you want to apply to become a registered developer, an existing developer with whom you have worked over the past months has to express his belief that you can contribute to Debian successfully.

When you have found an advocate, have your GPG key signed and have already contributed to Debian for a while, you're ready to apply. You can simply register on our application page. After you have signed up, your advocate has to confirm your application. When your advocate has completed this step you will be assigned an Application Manager who will go with you through the necessary steps of the New Maintainer process. You can always check your status on the applications status board.

For more details, please consult New Maintainer's Corner at the Debian web site. Make sure that you are familiar with the necessary steps of the New Maintainer process before actually applying. If you are well prepared, you can save a lot of timer later on.

2.3 Debian Mentors

The mailing list debian-mentors@lists.debian.org has been set up for novice maintainers who seek help with initial packaging and other developer-related issues. Every new developer is invited to subscribe to that list (see Mailing lists, Section 4.1 for details).

Those who prefer one-on-one help (e.g., via private email) should also post to that list and an experienced developer will volunteer to help.

Debian Developer's Reference