Debian Fast Track is a repository that allows making “backports” of packages available to users of the stable distribution, if those packages cannot be maintained in testing and backported in the usual way.

See this proposal to create a fasttrack repo for packages like gitlab to understand the rationale and technical details.

This new unofficial service is being setup at

Server space is provided by Infomaniak (thanks to Zigo).

Add this to your ~/

fqdn                    =
incoming                = /pub/UploadQueue/
login                   = anonymous
allow_dcut              = 1
method                  = ftp
# Please, upload your package to the proper archive
allowed_distributions   = (?!UNRELEASED|.*-security)

Sample changelog entry

gitlab (11.11.8+dfsg-1+fto10+1) buster-fasttrack; urgency=medium

  * Rebuild for buster-fasttrack.

 -- Pirate Praveen <>  Wed, 14 Aug 2019 17:39:22 +0530

Note: Since this package is not expected to be upgradable when next stable version is released (unlike backports), the version does not have to be lesser than the version in unstable/testing.

We have a buster-backports suite as well for temporarily uploading packages that otherwise qualify backports criteria but we want in backports before it hits testing (transitions, freeze or blocking security update of a package in fasttrack). Once it reaches official backports, it should be removed from fast track repo.

Admins corner

DAK documentation

SSH upload

Add this to ~/ for ssh upload (for unreliable connections)

login   = root
# login = another_username
fqdn    =
method  = sftp
incoming        = /srv/dak/queue/unchecked/
allow_dcut      = 1
# Please, upload your package to the proper archive
allowed_distributions   = (?!UNRELEASED|.*-security)

Accept packages

dak process-upload -d /srv/dak/queue/unchecked # SSH uploads
dak process-upload -d /srv/ftp/pub/UploadQueue/ # anonymous ftp uploads
dak process-new
dak process-policy new
dak generate-packages-sources2
dak generate-release

Remove Packages

We should remove packages from buster-backports suite when they are accepted into official archive.

dak rm -s buster-backports -C <email> <package name>

Mention 'Accepted into official buster I backports' as reason.

dak generate-packages-sources2
dak generate-release
rm -rf /srv/dak/ftp/pool/<path to package>

Server Configuration


Allow all outgoing traffic

Block all incoming traffic

Open tcp ports 21 open for ftp.

Open few ports in the range 100xx to 10xxx for passive mode.

Open 80,443 port for http and https


Disable authentication via password for openssh-server

Add PasswordAuthentication no to /etc/ssh/sshd_config


Return 404 for files that shouldn't be publicly served


Set the following options in /etc/vsftpd.conf

anon_upload_enable=YES # Enables anonymous upload

write_enable=YES # Enables write to be permitted

pasv_enable=YES # Enables passive mode for ftp 



local_enable=NO # Disables login using local account in the server

The passive mode requires a small range of tcp ports (you can chose 10 as a range value) to be enabled. The pasv_max_port value should be greater than pasv_min_port value for the range to be proper.