Differences between revisions 72 and 73
Revision 72 as of 2010-05-18 17:03:11
Size: 13557
Revision 73 as of 2010-06-13 11:15:10
Size: 13585
Editor: HenriLeFoll
Comment: add link to Keysigning
Deletions are marked like this. Additions are marked like this.
Line 42: Line 42:
Line 43: Line 44:
Line 44: Line 46:
Line 56: Line 59:
 * have your GnuPG key '''signed''' by at least one (but ideally more than one) ''Debian Developers''. If signed by only one DD, try to make sure there is at least another trust path to your key.
* have your GnuPG key [[Keysigning|signed]] by at least one (but ideally more than one) ''Debian Developers''.
. If signed by only one DD, try to make sure there is at least another trust path to your key.
Line 74: Line 80:
Line 95: Line 102:

Translation(s): none

(!) /Discussion

http://www.debian.org/logos/openlogo-nd-50.png http://www.debian.org/Pics/debian.png



Debian Maintainers (DMs) are people who are not full Debian Developers (DDs) but have a restricted ability to upload packages to the Debian archive.

The Debian Maintainers concept was introduced on 5th August 2007 by General Resolution. An up to date list of DMs is available at https://nm.debian.org/dm_list.html .

Becoming a new Debian Maintainer is a different (newer) process than applying as a (more traditional) New Maintainer (NM), which is the process that has been established for a long time in Debian, to integrate new official Debian Developpers (see : Debian New Maintainers).


Debian Maintainers have their keys in the debian-maintainers keyring (available in the debian-maintainers package).

This keyring is used by dak on the Debian archive as part of the checks as to whether an uploaded package is to be accepted.

Packages signed by a key in the debian-maintainers keyring will be accepted if the package is not new and the previous version of the package contains this maintainer in the Maintainer or the Uploaders control fields and has the DM-Upload-Allowed control field present.

Advocating a Debian Maintainer

A Debian Developer should only advocate a Debian Maintainer candidate if they are familiar with the candidate's existing work in Debian and believe it to be of a suitable standard both technically and socially.

Debian Developers advocating Debian Maintainer candidates (or potential Debian Developers for that matter) must go into a bit more detail in their advocacy.

If the Debian Maintainer candidate has done "a great job", please explain what "a great job" means -- is there something special the candidate has done, or is it that whatever the candidate is working on is particularly important, or is the candidate remarkably consistent, or what?

What has the candidate actually done that has earnt your trust? What makes the candidate special compared to the other folks who are helping Debian? What in particular about the candidate's work should people lurking on the Debian lists be trying to emulate if they want to be a Debian Maintainer or a Debian Developer?

For example, if the Debian Maintainer candidate has good packaging skills, go into a bit more detail about what's convinced you the candidate has got those skills? Are there any difficult bugs you've worked together on, or new features the candidate has done a good job of getting into Debian, or has the candidate been particularly helpful supporting users, or...?

Once you have decided to advocate a Debian Maintainer applicant, you should compose your advocacy message as a reply to their declaration message. Ensure it is GnuPG-signed with your Debian userid, and addressed to the debian-newmaint list.

Becoming a Debian Maintainer

To become a Debian Maintainer, you must:

  • agree to the social contract

  • agree to the DFSG

  • agree to the Debian Machine Usage Policies (dmup)

  • publically state your agreement to the above documents, signing your declaration with your OpenPGP key. Most people will post their declaration to the debian-newmaint mailing list

    • Your mail could look like this one:
      This is my declaration of intent to become a Debian Maintainer
      I have read the Social Contract, Debian Free Software Guidelines and
      Debian Machine Usage Policy and agree with all of them.
      Currently, I maintain the packages <insert the names of your packages>
      and I co‐maintain the packages <insert the names of your co‐maintained packages>.
      My GnuPG key <key ID> is signed by the Debian Developer <name of the developer>.
      I look forward to becoming a Debian Maintainer. Thanks for your attention.
  • have your GnuPG key signed by at least one (but ideally more than one) Debian Developers.

    • If signed by only one DD, try to make sure there is at least another trust path to your key.
  • have at least one (but preferably more) Debian Developers advocate you. This is usually a signed mail to debian-newmaint (often a reply to your declaration mail)

    • You should send a mail to all your advocates, asking them to reply to the message you've send to debian-newmaint. You might forward the message to them, so they have the correct message-ID.
      Subject: Support of Debian Maintainer application
      Hello <name>,
      I would like to become a Debian Maintainer. I've sent the e‐mail [1],
      also attached to this mail, to the mailinglist debian-newmaint. Now, I'm
      looking for one or more Debian Developers to support my application. If
      you think I would be a good Debian Maintainer, please post a statement to
      debian-newmaint. Something like this:
      Subject: Debian Maintainer application for <your name>
      I believe that <your name> has the technical skills needed to maintain Debian
      packages. I support his application to become a Debian maintainer, because
      <explanation why you believe he has the right skills>
      [1] http://lists.debian.org/debian-newmaint/<complete the URL>
      Thanks, <your name>.
  • submit a bug report with a jetring changeset to the bug tracking system, filed against the debian-maintainers pseudo package (see existing pending reports). Use only URLs from debian.org for the agreement and advocates fields of the jetring changeset

    1. you have to get the latest debian-maintainer keyring, e.g. install the debian-keyring package

    2. create a copy of the debian-maintainer keyring file and add your key to it
      • % cp /usr/share/keyrings/debian-maintainers.gpg .
        % gpg --export <ID of your key> | gpg --import --no-default-keyring --keyring $PWD/debian-maintainers.gpg
        The path of the keyring must be absolute. (Note that you must not have a keyring specified in your ~/.gnupg/options for this to work!)
    3. generate the changeset with jetring-gen from the jetring package

      • % jetring-gen /usr/share/keyrings/debian-maintainers.gpg debian-maintainers.gpg 'Add <your name and e‐mail address> as a Debian Maintainer'
    4. edit the file add-* and add these fields; after the colon should be a space before the end of line

      • Recommended-By:
          <names and e‐mail addresses of all your advocates (comma separated)>
          http://lists.debian.org/debian-newmaint/<complete the URL of your agreement>
          http://lists.debian.org/debian-newmaint/<complete the URL>
  • there will be a delay of four days after the bug report has been submitted to wait in case of objections or any more advocacies from Debian Developers

Development and Announcement mailing lists

Maintainers must subscribe to the debian-devel-announce mailing list and are highly encouraged to subscribe to the debian-devel mailing list.

Uploading packages

Once you have your key in the debian-maintainers keyring, you will be able to upload packages, where the following conditions hold:

  • the package already lists you in the Maintainer or the Uploaders control fields

  • the package already has the DM-Upload-Allowed: yes control field

  • the package is not NEW

The DM-Upload-Allowed: yes control field should be set by the sponsor (or by the sponsoree after a request from the sponsor), not silently added by the sponsoree without coordination with the usual sponsor. The field should only added to a source package after the sponsor is satisfied with the sponsoree's ability to handle that specific package, usually this happens after several good-quality uploads.

There is a DebianMaintainer/Tutorial for new maintainers.

dpkg caveat

Until recently dpkg did not understand the DM-Upload-Allowed field and would not add it to the DSC. You need to either have dpkg version >= 1.14.16 (you should use the most up to date tool versions anyway ;-)) or prefix it with 'XS-' for it to make it into the DSC file.

Key Changes

The debian-maintainers keyring is updated with a new version of the debian-keyring package. Its keys are not kept in sync with the keyservers. All changes to the debian-maintainers keyring are done with jetring changesets.

Annual ping

Maintainers must reconfirm their interest annually to keep their keys in the debian-maintainers keyring by filing a signed bug report against the debian-maintainers pseudo package.

Key replacement/removal

File a signed bug report with a jetring changeset against the debian-maintainers pseudo package to replace/update an existing key or remove a key from the debian-maintainers keyring. If you are replacing a key with an entirely new key (rather than just updating the expiry date or subkeys) you should read the following rules (taken from the rules for key replacement in the debian-developers keyring).

Rules for key replacement in the Debian Maintainers keyring

These are the rules governing what happens if a Debian Maintainer (Alice) wishes to replace her existing key (X) in the debian-maintainer keyring with an entirely new key (Y).

Please note that this procedure is to be followed by Debian Maintainers only – For Debian Developers, please create a RT ticket as explained in the Debian keyring update information page.

  1. Key Y must be signed by an active Debian Developer (Bob) whose key is in the debian-developers keyring.
  2. Alice files a signed bug report with a jetring changeset to the bug tracking system against the debian-maintainers pseudo package.

  3. Alice must get a Debian Developer (ideally not Bob) to sign a message requesting the replacement of key X with key Y on behalf of Alice. That statement should contain the key fingerprints of both keys X and Y and must be posted as a follow up to the bug report filed by Alice.
  4. If the reason for replacement is 'key X is compromised or no longer valid' then the request for replacement must be accompanied by a revocation certificate for key X.
  5. If the reason for the replacement is 'key X was lost' then a revocation certificate should be provided if possible.
  6. If the reason is 'I wanted a new key' then the new key must be strictly more secure than the old key and 'reasonably' connected where 'reasonably' is left up to the debian-maintainers keyring administrator and varies depending on the circumstances of the Debian Maintainer in question.
  7. Anything else is at the debian-maintainers keyring administrator's discretion and, in general, arbitrary key replacements without good cause will be rejected.








IRC Channel

#debian-newmaint at irc.debian.org

Page Copyright




JonDowland AnibalMonsalveSalazar

see DebianWiki/LicencingTerms for info about wiki content copyright.