Checklist for Application Managers
This checklist only covers the most important areas of the NM checks.
Depending on the Applicant's
background and plans in the project, an Application Manager may choose to ignore some of the things
listed here or to add others.
Also see the Mini-HOWTO for Application
Managers.
The Applicant has to have
an OpenPGP public key signed by at least one Debian member. If possible, at least one other signature
from a well-connected OpenPGP key is also required. Always
use gpg --check-sigs, not gpg --list-sigs to verify
an Applicant's identity.
The OpenPGP key that will go to the Debian Keyring needs to be
a version 4 key. To check this, get the fingerprint of the key
and check if it's either 32 or 40 hexadecimal digits long. Version 3
keys have only 32 digits, version 4 have 40 digits. This key
doesn't have to be the same as the one that is used to verify the
Applicant's identity.
Applicants must have an encryption key. Check this by
running gpg --list-keys <KeyID>.
If the output doesn't contain a line with either
<Number>E/<KeyID> or
<Number>g/<KeyID>, the
Applicant needs to add an encryption subkey.
If the Applicant can't
provide a signed key, a government-issued photo ID can be used for
identification. Please contact the Front Desk in such cases.
Additional verification options can be used if there is some
doubt about the identity of the Applicant:
- If the Applicant is a student, someone at their university can
confirm their identify. This person should also be listed on the
webpages of the university staff.
- If the Applicant works in a bigger company, their employer should
be able to confirm their identity.
- There are websites that can do reverse lookups for telephone
numbers, though this normally doesn't work for mobile phones.
The number the Applicant provides should either resolve to their
own name or the person answering the phone should be able to
confirm the Applicant's identity.
There are no fixed rules for this part, but some areas should
always be covered (and it is recommended to discuss the
others):
- Applicants have to agree to uphold the Debian Policy and the Debian Machine Usage Policy (DMUP).
- Applicants need to agree to the Social Contract and must be able to explain how Debian
relates to the Free Software Community.
- Applicants must have a good understanding of the Debian Free Software
Guidelines. They need to be able to decide if a license is free
or not and should have a strong opinion about Free Software.
- Applicants have to understand how the Debian Bug Tracking
System works, what information Debian keeps in there (pseudo-packages,
wnpp, ...) and how they can manipulate it.
- Applicants should know about Debian QA processes (orphaning,
removing, NMUing and QA uploads).
- Applicants should understand the Debian release process.
- Applicants should know Debian's l10n and i18n efforts and what
they can do to help them.
What needs to be covered by the T&S checks depends on the
area the Applicant wishes to work in:
- Applicants aiming to work as packager must have at least
one package in the archive. The package should have enough users
to provide a basis for documentation of the Applicant's packaging
skills and their way of dealing with users, bug submitters and bugs.
Further questions should also cover some basic aspects of Debian
packaging (conffiles, menus, init scripts, sub-policies, porting,
complex dependencies).
- Applicants planning to write documentation must have already
provided examples of their work. They should also have a clear vision
on what kind of documents they want to work on in the future.
After all checks are finished and the AM is satisfied with the
Applicant's performance, a report should be submitted to the Debian
Account Manager and the New Maintainer Front Desk. It should
document what was done to satisfy the different parts of the New
Maintainer checks and also contain all information collected
about the Applicant.
The email should be directed at <da-manager@debian.org> and
<new-maintainer@debian.org> and contain the following
things:
- A short overview about the application, containing some basic
information about the Applicant.
- The account name the Applicant requested. It should be at least
2 characters long, 3 is better.
- The email address to which all mail directed at
<account>@debian.org should be forwarded.
- The Applicant's OpenPGP public key used to verify the Applicant's
identity.
- The Applicant's OpenPGP public key that should be incorporated
into the Debian Keyring.
- An mbox with logs of all discussion between the Application Manager
and the Applicant about the application.
- A printable, trimmed log of all communication. Use the provided
mbox as basis for this.
This completes the Application Manager's responsibilities in the
application process. The New Maintainer Front Desk and the Account
Manager will check and judge the application report.
Back to the New Maintainer Corner
