Differences between revisions 85 and 86
Revision 85 as of 2010-09-06 01:11:16
Size: 10747
Revision 86 as of 2010-09-06 01:22:36
Size: 10935
Deletions are marked like this. Additions are marked like this.
Line 47: Line 47:
 * Note that due to weaknesses found with the SHA1 hashing algorithm Debian prefers to use keys that are at least 2048 bits and preferring SHA2. To create one, see [[http://keyring.debian.org/creating-key.html|Creating a new GPG key]].  * Note that due to weaknesses found with the SHA1 hashing algorithm Debian prefers to use keys that are at least 2048 bits and preferring SHA2. To create one, see [[http://keyring.debian.org/creating-key.html|Creating a new GPG key]]. Also see [[https://we.riseup.net/riseuplabs+paow/openpgp-best-practices|OpenPGP Best Practices]].
Line 134: Line 134:
 * https://we.riseup.net/riseuplabs+paow/openpgp-best-practices - OpenPGP Best Practices

Translation(s): none

(!) /Discussion

http://www.debian.org/logos/openlogo-nd-50.png http://www.debian.org/Pics/debian.png



Debian Maintainers (DMs) are people who have a restricted ability to upload packages to the Debian archive. They can maintain packages without a sponsor.

After six months a Debian Maintainer can apply to the Debian New Maintainers process to become an official Debian Developer. (see the Applicant's Checklist)

The Debian Maintainers concept was introduced on 5th August 2007 by General Resolution. An up to date list of DMs is available at https://nm.debian.org/dm_list.html .


Debian Maintainers have their keys in the debian-maintainers keyring (available in the debian-maintainers package).

This keyring is used by dak on the Debian archive as part of the checks as to whether an uploaded package is to be accepted.

Packages signed by a key in the debian-maintainers keyring will be accepted if the package is not new and the previous version of the package contains this maintainer in the Maintainer or the Uploaders control fields and has the DM-Upload-Allowed control field present.

Debian Maintainer should read this DebianMaintainer/Tutorial to know more about the annual ping, key changes and uploading packages.

Advocating a Debian Maintainer

A Debian Developer should only advocate a Debian Maintainer candidate if they are familiar with the candidate's existing work in Debian and believe it to be of a suitable standard both technically and socially.

Debian Developers advocating Debian Maintainer candidates (or potential Debian Developers for that matter) must go into a bit more detail in their advocacy.

If the Debian Maintainer candidate has done "a great job", please explain what "a great job" means -- is there something special the candidate has done, or is it that whatever the candidate is working on is particularly important, or is the candidate remarkably consistent, or what?

What has the candidate actually done that has earned your trust? What makes the candidate special compared to the other folks who are helping Debian? What in particular about the candidate's work should people lurking on the Debian lists be trying to emulate if they want to be a Debian Maintainer or a Debian Developer?

For example, if the Debian Maintainer candidate has good packaging skills, go into a bit more detail about what's convinced you the candidate has got those skills? Are there any difficult bugs you've worked together on, or new features the candidate has done a good job of getting into Debian, or has the candidate been particularly helpful supporting users, or...?

Once you have decided to advocate a Debian Maintainer applicant, you should compose your advocacy message as a reply to their declaration message. Ensure it is GnuPG-signed with your Debian userid, and addressed to the debian-newmaint list.

Becoming a Debian Maintainer

Steps required to become a Debian Maintainer

step 1 : Identification

  • Note that due to weaknesses found with the SHA1 hashing algorithm Debian prefers to use keys that are at least 2048 bits and preferring SHA2. To create one, see Creating a new GPG key. Also see OpenPGP Best Practices.

  • You must have a strong RSA GnuPG key (see line above) and it must be signed by at least one (but ideally more than one) Debian Developers.

    • If signed by only one DD, try to make sure there is at least another trust path to your key.

step 2 : Declaration of intent

To become a Debian Maintainer, you must:

  • agree to the social contract

  • agree to the DFSG

  • agree to the Debian Machine Usage Policies (dmup)

  • subscribe to the debian-devel-announce mailing list and are highly encouraged to subscribe to the debian-devel mailing list.

  • publically state your agreement to the above documents, signing your declaration with your OpenPGP key. Most people will post their declaration to the debian-newmaint mailing list

    • Your mail could look like this one:
      Subject: DM application of <your name>
      This is my declaration of intent to become a Debian Maintainer
      I have read the Social Contract, Debian Free Software Guidelines and
      Debian Machine Usage Policy and agree with all of them.
      Currently, I maintain the packages <insert the names of your packages>
      and I co‐maintain the packages <insert the names of your co‐maintained packages>.
      My GnuPG key <key ID> is signed by the Debian Developer <name of the developer>.
      I look forward to becoming a Debian Maintainer. Thanks for your attention.

step 3 : Advocation

  • You must have at least one (but preferably more) Debian Developer advocate you. This is usually a signed mail to debian-newmaint (often a reply to your declaration mail)

    • You should send a mail to all your advocates, asking them to reply to the message you've send to debian-newmaint. You might forward the message to them, so they have the correct message-ID.
      Subject: Support of DM application of <your name>
      Hello <advocate name>,
      I would like to become a Debian Maintainer. I've sent the e‐mail [1],
      also attached to this mail, to the mailinglist debian-newmaint. Now, I'm
      looking for one or more Debian Developers to support my application. If
      you think I would be a good Debian Maintainer, please post a statement to
      debian-newmaint. Something like this:
      Subject: Debian Maintainer application for <your name>
      I believe that <your name> has the technical skills needed to maintain Debian
      packages. I support his application to become a Debian maintainer, because
      <detailed and extensive explanation why you believe he has the right skills>
      [1] http://lists.debian.org/debian-newmaint/<complete the URL>
      Thanks, <your name>.

step 4 : Account creation

  • submit a bug report with a jetring changeset to the bug tracking system, filed against the debian-maintainers pseudo package (see existing pending reports). Use only URLs from debian.org for the agreement and advocates fields of the jetring changeset

    1. you have to get the latest debian-maintainer keyring, e.g. install the debian-keyring package

    2. create a copy of the debian-maintainer keyring file and add your key to it
      • % cp /usr/share/keyrings/debian-maintainers.gpg .
        % gpg --export <ID of your key> | gpg --import --no-default-keyring --keyring $PWD/debian-maintainers.gpg
        The path of the keyring must be absolute. (Note that you must not have a keyring specified in your ~/.gnupg/options for this to work!)
    3. generate the changeset with jetring-gen from the jetring package

      • % jetring-gen /usr/share/keyrings/debian-maintainers.gpg debian-maintainers.gpg 'Add <your name and e‐mail address> as a Debian Maintainer'
    4. edit the file add-* and add these fields; after the colon should be a space before the end of line

      • Recommended-By:
          <names and e‐mail addresses of all your advocates (comma separated)>
          http://lists.debian.org/debian-newmaint/<complete the URL of your agreement>
          http://lists.debian.org/debian-newmaint/<complete the URL>
  • There will be a delay of four days after the bug report has been submitted to wait in case of objections or any more advocacies from Debian Developers. This delay is a minimum but it might take more time until someone from the DM team processes your application. Note that the key is added to the keyring by the keyring team (not the DM team) and that you must expect another delay (between a few days and a few weeks depending on the case) due to this.


Now that you are a Debian Maintainer, you have to read this DebianMaintainer/Tutorial

IRC Channel

#debian-newmaint at irc.debian.org








Page Copyright




JonDowland AnibalMonsalveSalazar

see DebianWiki/LicencingTerms for info about wiki content copyright.