Checklist for Application Managers
Note: The AM Tutorial wiki page is more up to date than this page.
This checklist only covers the most important areas of the NM checks. Depending on the Applicant's background and plans in the project, an Application Manager may choose to ignore some of the things listed here or to add others.
Also see the Mini-HOWTO for Application Managers.
The Applicant has to have an OpenPGP public key signed by at least one Debian member. If possible, at least one other signature from a well-connected OpenPGP key is also required. Always use gpg --check-sigs, not gpg --list-sigs to verify an Applicant's identity.
The OpenPGP key that will go to the Debian Keyring needs to be a version 4 key. To check this, get the fingerprint of the key and check if it's either 32 or 40 hexadecimal digits long. Version 3 keys have only 32 digits, version 4 have 40 digits. This key doesn't have to be the same as the one that is used to verify the Applicant's identity.
Applicants must have an encryption key. Check this by running gpg --list-keys <KeyID>. If the output doesn't contain a line with either <Number>E/<KeyID> or <Number>g/<KeyID>, the Applicant needs to add an encryption subkey.
Additional verification options can be used if there is some doubt about the identity of the Applicant:
- If the Applicant is a student, someone at their university can confirm their identify. This person should also be listed on the webpages of the university staff.
- If the Applicant works in a bigger company, their employer should be able to confirm their identity.
- There are websites that can do reverse lookups for telephone numbers, though this normally doesn't work for mobile phones. The number the Applicant provides should either resolve to their own name or the person answering the phone should be able to confirm the Applicant's identity.
There are no fixed rules for this part, but some areas should always be covered (and it is recommended to discuss the others):
- Applicants have to agree to uphold the Debian Policy and the Debian Machine Usage Policy (DMUP).
- Applicants need to agree to the Social Contract and must be able to explain how Debian relates to the Free Software Community.
- Applicants must have a good understanding of the Debian Free Software Guidelines. They need to be able to decide if a license is free or not and should have a strong opinion about Free Software.
- Applicants have to understand how the Debian Bug Tracking System works, what information Debian keeps in there (pseudo-packages, wnpp, ...) and how they can manipulate it.
- Applicants should know about Debian QA processes (orphaning, removing, NMUing and QA uploads).
- Applicants should understand the Debian release process.
- Applicants should know Debian's l10n and i18n efforts and what they can do to help them.
What needs to be covered by the T&S checks depends on the area the Applicant wishes to work in:
- Applicants aiming to work as packager must have at least
one package in the archive. The package should have enough users
to provide a basis for documentation of the Applicant's packaging
skills and their way of dealing with users, bug submitters and bugs.
Further questions should also cover some basic aspects of Debian packaging (conffiles, menus, init scripts, sub-policies, porting, complex dependencies).
- Applicants planning to write documentation must have already provided examples of their work. They should also have a clear vision on what kind of documents they want to work on in the future.
After all checks are finished and the AM is satisfied with the Applicant's performance, a report should be submitted to the Debian Account Manager and the New Member Front Desk. It should document what was done to satisfy the different parts of the New Member checks and also contain all information collected about the Applicant.
The email should be directed at <email@example.com> and <firstname.lastname@example.org> and contain the following things:
- A short overview about the application, containing some basic information about the Applicant.
- The account name the Applicant requested. It should be at least 3 characters long.
- The email address to which all mail directed at <account>@debian.org should be forwarded.
- The fingerprint of the Applicant's OpenPGP public key that should be incorporated into the Debian Keyring.
- An gzipped mbox with logs of all discussion between the Application Manager and the Applicant about the application.
This completes the Application Manager's responsibilities in the application process. The New Member Front Desk and the Account Manager will check and judge the application report.
Back to the New Members Corner