Checklist for the Applicants

Step -1: Contribute

Before applying, one should really contribute to the Project through sponsored uploads, teams or other means first.

Step 0: Request for a change of status

The process starts via an request of status change through the New Member site interface. If an applicant is not yet registered on the site, they can visit this page after logging in on the site.

After this step, the Applicant is known to the system and the Debian New Member Front Desk is the primary contact for questions concerning the Application. The Front Desk manages or supervises all other steps and will try to help with all upcoming issues.

More info here.

Step 1: State of intent

After requesting his change of status, the Applicant may go in the subsequent Process page that has been created and post his Declaration of Intent in the form of an OpenPGP signed message. The proper instructions are on the relevant page.

More info here.

Step 2: Commitments to the SC/DFSG/DMUP

Like for step 1, the Applicant may go in his process page to post an OpenPGP signed statement to commit to follow the Debian Social Contract and the Debian Machine Usage Policies.

More info here.

Step 3: Get advocates

The applicant should have done the requirements of Step -1 and therefore have worked with current Debian Developers who will be willing to advocate his application. The Applicant should give these developers a link to his process page in order to get them post OpenPGP signed statements advocating his application.

The strict requirement is one advocacy, but the Front Desk and the Debian Account Managers tend to prefer more than one advocacy for an Applicant.

More info here.

Step 4: Identification

The Applicant must have provided a OpenPGP Fingerprint of his key on his personal page on the [[|New Member] site. This key must fulfill some requirements which currently (as of April 2020) are:

  1. the key should be type RSA and version 4 or greater
  2. the key should have the sign, certify and encrypt capabilities (subkeys are encouraged)
  3. the primary cryptographic material should be at least 4096 bits
  4. the UIDs should be signed by at least two existing Debian members (1 for DM applications)
  5. pseudonyms or anonymity are acceptable in certain circumstances

The only valid requirements are those specified on the New Member website.

More info here.

Step 5: Application Manager

The Applicant must go through the Application Manager process (AM process), which consists in multiple parts depending on whether the Applicant wishes to be able to upload packages to the Archive. The process may take multiple weeks as it consists in multiple email exchanges. The Step page gives more insights on the AM process.

More info here.

Step 6: DAM Review

The Application is reviewed by the Debian Account Managers who either:

  1. Approve the process
  2. Ask the Applicant or his Application Manager some specific things
  3. Cancel the process or reject the Application

Step 7: DSA + KeyringMaint Magic

The Debian System Administrators create a LDAP account to the Applicant, except if he already has a guest account in the LDAP database, and then the Keyring Maintainers add the OpenPGP Key to the appropriate part of the Keyring, or move it from the previous part it was in.