Translation(s): none

(!) /Discussion


http://www.debian.org/logos/openlogo-nd-50.png http://www.debian.org/Pics/debian.png

Contents

Introduction

Debian Maintainers are people who are not full Debian Developers but have a restricted ability to upload packages to the Debian archive.

The Debian Maintainers concept was introduced on 5th August 2007 by General Resolution.

Becoming a new Debian Maintainer is a different (newer) process than applying as a (more traditional) New Maintainer (NM), which is the process that has been established for a long time in Debian, to integrate new official Debian Developpers (see : Debian New Maintainers).

Overview

Debian Maintainers have their keys in the debian-maintainers keyring (available in the debian-maintainers package).

This keyring is used by dak on the Debian archive as part of the checks as to whether an uploaded package is to be accepted.

Packages signed by a key in the debian-maintainers keyring will be accepted if the package is not new and the previous version of the package contains this maintainer in the Maintainer or the Uploaders control fields and has the DM-Upload-Allowed control field present.

Advocating a Debian Maintainer

A Debian Developer should only advocate a Debian Maintainer candidate if they are familiar with the candidate's existing work in Debian and believe it to be of a suitable standard both technically and socially.

Debian Developers advocating Debian Maintainer candidates (or potential Debian Developers for that matter) must go into a bit more detail in their advocacy.

If the Debian Maintainer candidate has done "a great job", please explain what "a great job" means -- is there something special the candidate has done, or is it that whatever the candidate is working on is particularly important, or is the candidate remarkably consistent, or what?

What has the candidate actually done that has earnt your trust? What makes the candidate special compared to the other folks who are helping Debian? What in particular about the candidate's work should people lurking on the Debian lists be trying to emulate if they want to be a Debian Maintainer or a Debian Developer?

For example, if the Debian Maintainer candidate has good packaging skills, go into a bit more detail about what's convinced you the candidate has got those skills? Are there any difficult bugs you've worked together on, or new features the candidate has done a good job of getting into Debian, or has the candidate been particularly helpful supporting users, or...?

Once you have decided to advocate a Debian Maintainer applicant, you should compose your advocacy message as a reply to their declaration message. Ensure it is GnuPG-signed with your Debian userid, and addressed to the debian-newmaint list.

Becoming a Debian Maintainer

To become a Debian Maintainer, you must:

Development and Announcement mailing lists

Maintainers must subscribe to the debian-devel-announce mailing list and are highly encouraged to subscribe to the debian-devel mailing list.

Uploading packages

Once you have your key in the debian-maintainers keyring, you will be able to upload packages, where the following conditions hold:

The DM-Upload-Allowed: yes control field should be set by the sponsor (or by the sponsoree after a request from the sponsor), not silently added by the sponsoree without coordination with the usual sponsor. The field should only added to a source package after the sponsor is satisfied with the sponsoree's ability to handle that specific package, usually this happens after several good-quality uploads.

There is a DebianMaintainer/Tutorial for new maintainers.

dpkg caveat

Until recently dpkg did not understand the DM-Upload-Allowed field and would not add it to the DSC. You need to either have dpkg version >= 1.14.16 (you should use the most up to date tool versions anyway ;-)) or prefix it with 'XS-' for it to make it into the DSC file.

Key Changes

The debian-maintainers keyring is updated with a new version of the debian-keyring package. Its keys are not kept in sync with the keyservers. All changes to the debian-maintainers keyring are done with jetring changesets.

Annual ping

Maintainers must reconfirm their interest annually to keep their keys in the debian-maintainers keyring by filing a signed bug report against the debian-maintainers pseudo package.

Key replacement/removal

File a signed bug report with a jetring changeset against the debian-maintainers pseudo package to replace/update an existing key or remove a key from the debian-maintainers keyring. If you are replacing a key with an entirely new key (rather than just updating the expiry date or subkeys) you should read the following rules (taken from the rules for key replacement in the debian-developers keyring).

Rules for key replacement in the Debian Maintainers keyring

These are the rules governing what happens if a Debian Maintainer (Alice) wishes to replace her existing key (X) in the debian-maintainer keyring with an entirely new key (Y).

Please note that this procedure is to be followed by Debian Maintainers only – For Debian Developers, please create a RT ticket as explained in the Debian keyring update information page.

  1. Key Y must be signed by an active Debian Developer (Bob) whose key is in the debian-developers keyring.
  2. Alice files a signed bug report with a jetring changeset to the bug tracking system against the debian-maintainers pseudo package.

  3. Alice must get a Debian Developer (ideally not Bob) to sign a message requesting the replacement of key X with key Y on behalf of Alice. That statement should contain the key fingerprints of both keys X and Y and must be posted as a follow up to the bug report filed by Alice.
  4. If the reason for replacement is 'key X is compromised or no longer valid' then the request for replacement must be accompanied by a revocation certificate for key X.
  5. If the reason for the replacement is 'key X was lost' then a revocation certificate should be provided if possible.
  6. If the reason is 'I wanted a new key' then the new key must be strictly more secure than the old key and 'reasonably' connected where 'reasonably' is left up to the debian-maintainers keyring administrator and varies depending on the circumstances of the Debian Maintainer in question.
  7. Anything else is at the debian-maintainers keyring administrator's discretion and, in general, arbitrary key replacements without good cause will be rejected.

Statistics

Data

http://people.debian.org/~anibal/dm/dm-history

Graph

http://people.debian.org/~anibal/dm/dm.png

Bugs

http://people.debian.org/~glandium/bts/d/debian-maintainers.png

IRC Channel

#debian-maintainer at irc.debian.org


Page Copyright

License

GPLv2

Authors

JonDowland AnibalMonsalveSalazar

see DebianWiki/LicencingTerms for info about wiki content copyright.


CategoryPermalink