Chapter 4. Resources for Debian Developers and Debian Maintainers

Table of Contents

4.1. Mailing lists
4.1.1. Basic rules for use
4.1.2. Core development mailing lists
4.1.3. Special lists
4.1.4. Requesting new development-related lists
4.2. IRC channels
4.3. Documentation
4.4. Debian machines
4.4.1. The bugs server
4.4.2. The ftp-master server
4.4.3. The www-master server
4.4.4. The people web server
4.4.5. The VCS servers
4.4.6. chroots to different distributions
4.5. The Developers Database
4.6. The Debian archive
4.6.1. Sections
4.6.2. Architectures
4.6.3. Packages
4.6.4. Distributions Stable, testing, and unstable More information about the testing distribution Experimental
4.6.5. Release code names
4.7. Debian mirrors
4.8. The Incoming system
4.9. Package information
4.9.1. On the web
4.9.2. The dak ls utility
4.10. The Debian Package Tracker
4.10.1. The package tracker email interface
4.10.2. Filtering mails from the package tracker
4.10.3. Forwarding VCS commits to the package tracker
4.10.4. The package tracker web interface
4.11. Developer's packages overview
4.12. Debian's FusionForge installation: Alioth
4.13. Goodies for Debian Developers and Debian Maintainers

In this chapter you will find a very brief road map of the Debian mailing lists, the Debian machines which may be available to you as a developer, and all the other resources that are available to help you in your maintainer work.

Much of the conversation between Debian developers (and users) is managed through a wide array of mailing lists we host at To find out more on how to subscribe or unsubscribe, how to post and how not to post, where to find old posts and how to search them, how to contact the list maintainers and see various other information about the mailing lists, please read This section will only cover aspects of mailing lists that are of particular interest to developers.

The core Debian mailing lists that developers should use are:

There are other mailing lists available for a variety of special topics; see for a list.

is a special mailing list for private discussions amongst Debian developers. It is meant to be used for posts which for whatever reason should not be published publicly. As such, it is a low volume list, and users are urged not to use unless it is really necessary. Moreover, do not forward email from that list to anyone. Archives of this list are not available on the web for obvious reasons, but you can see them using your shell account on and looking in the ~debian/archive/debian-private/ directory.

is a special mailing list used as a grab-bag for Debian related correspondence such as contacting upstream authors about licenses, bugs, etc. or discussing the project with others where it might be useful to have the discussion archived somewhere.

Several IRC channels are dedicated to Debian's development. They are mainly hosted on the Open and free technology community (OFTC) network. The DNS entry is an alias to

The main channel for Debian in general is #debian. This is a large, general-purpose channel where users can find recent news in the topic and served by bots. #debian is for English speakers; there are also, #debian-fr, #debian-br and other similarly named channels for speakers of other languages.

The main channel for Debian development is #debian-devel. It is a very active channel; it will typically have a minimum of 150 people at any time of day. It's a channel for people who work on Debian, it's not a support channel (there's #debian for that). It is however open to anyone who wants to lurk (and learn). Its topic is commonly full of interesting information for developers.

Since #debian-devel is an open channel, you should not speak there of issues that are discussed in . There's another channel for this purpose, it's called #debian-private and it's protected by a key. This key is available at

There are other additional channels dedicated to specific subjects. #debian-bugs is used for coordinating bug squashing parties. #debian-boot is used to coordinate the work on the debian-installer. #debian-doc is occasionally used to talk about documentation, like the document you are reading. Other channels are dedicated to an architecture or a set of packages: #debian-kde, #debian-dpkg, #debian-jr, #debian-edu, #debian-oo ( package)...

Some non-English developers' channels exist as well, for example #debian-devel-fr for French speaking people interested in Debian's development.

Channels dedicated to Debian also exist on other IRC networks, notably on the freenode IRC network, which was pointed at by the alias until 4th June 2006.

To get a cloak on freenode, you send Jörg Jaspert <> a signed mail where you tell what your nick is. Put cloak somewhere in the Subject: header. The nick should be registered: Nick Setup Page. The mail needs to be signed by a key in the Debian keyring. Please see Freenode documentation for more information about cloaks.

This document contains a lot of information which is useful to Debian developers, but it cannot contain everything. Most of the other interesting documents are linked from The Developers' Corner. Take the time to browse all the links, you will learn many more things.

Debian has several computers working as servers, most of which serve critical functions in the Debian project. Most of the machines are used for porting activities, and they all have a permanent connection to the Internet.

Some of the machines are available for individual developers to use, as long as the developers follow the rules set forth in the Debian Machine Usage Policies.

Generally speaking, you can use these machines for Debian-related purposes as you see fit. Please be kind to system administrators, and do not use up tons and tons of disk space, network bandwidth, or CPU without first getting the approval of the system administrators. Usually these machines are run by volunteers.

Please take care to protect your Debian passwords and SSH keys installed on Debian machines. Avoid login or upload methods which send passwords over the Internet in the clear, such as Telnet, FTP, POP etc.

Please do not put any material that doesn't relate to Debian on the Debian servers, unless you have prior permission.

The current list of Debian machines is available at That web page contains machine names, contact information, information about who can log in, SSH keys etc.

If you have a problem with the operation of a Debian server, and you think that the system operators need to be notified of this problem, you can check the list of open issues in the DSA (Debian System Administration) Team's queue of our request tracker at (you can login with user "debian", its password is available at To report a new problem in the request tracker, simply send a mail to and make sure to put the string "Debian RT" somewhere in the subject. To contact the DSA team by email, use for anything that contains private or privileged information and should not be made public, and otherwise. The DSA team is also present on the #debian-admin IRC channel on OFTC.

If you have a problem with a certain service, not related to the system administration (such as packages to be removed from the archive, suggestions for the web site, etc.), generally you'll report a bug against a ``pseudo-package''. See Section 7.1, “Bug reporting” for information on how to submit bugs.

Some of the core servers are restricted, but the information from there is mirrored to another server.

The server holds the canonical copy of the Debian archive. Generally, package uploaded to end up on this server, see Section 5.6, “Uploading a package”.

It is restricted; a mirror is available on

Problems with the Debian FTP archive generally need to be reported as bugs against the pseudo-package or an email to , but also see the procedures in Section 5.9, “Moving, removing, renaming, orphaning, adopting, and reintroducing packages”.

The Developers Database, at, is an LDAP directory for managing Debian developer attributes. You can use this resource to search the list of Debian developers. Part of this information is also available through the finger service on Debian servers, try finger to see what it reports.

Developers can log into the database to change various information about themselves, such as:

  • forwarding address for your email

  • subscription to debian-private

  • whether you are on vacation

  • personal information such as your address, country, the latitude and longitude of the place where you live for use in the world map of Debian developers, phone and fax numbers, IRC nickname and web page

  • password and preferred shell on Debian Project machines

Most of the information is not accessible to the public, naturally. For more information please read the online documentation that you can find at

Developers can also submit their SSH keys to be used for authorization on the official Debian machines, and even add new * DNS entries. Those features are documented at

The Debian distribution consists of a lot of packages (currently around 15000 source packages) and a few additional files (such as documentation and installation disk images).

Here is an example directory tree of a complete Debian archive:







As you can see, the top-level directory contains two directories, dists/ and pool/. The latter is a “pool” in which the packages actually are, and which is handled by the archive maintenance database and the accompanying programs. The former contains the distributions, stable, testing and unstable. The Packages and Sources files in the distribution subdirectories can reference files in the pool/ directory. The directory tree below each of the distributions is arranged in an identical manner. What we describe below for stable is equally applicable to the unstable and testing distributions.

dists/stable contains three directories, namely main, contrib, and non-free.

In each of the areas, there is a directory for the source packages (source) and a directory for each supported architecture (binary-i386, binary-amd64, etc.).

The main area contains additional directories which hold the disk images and some essential pieces of documentation required for installing the Debian distribution on a specific architecture (disks-i386, disks-amd64, etc.).

The main section of the Debian archive is what makes up the official Debian distribution. The main section is official because it fully complies with all our guidelines. The other two sections do not, to different degrees; as such, they are not officially part of Debian.

Every package in the main section must fully comply with the Debian Free Software Guidelines (DFSG) and with all other policy requirements as described in the Debian Policy Manual. The DFSG is our definition of “free software.” Check out the Debian Policy Manual for details.

Packages in the contrib section have to comply with the DFSG, but may fail other requirements. For instance, they may depend on non-free packages.

Packages which do not conform to the DFSG are placed in the non-free section. These packages are not considered as part of the Debian distribution, though we enable their use, and we provide infrastructure (such as our bug-tracking system and mailing lists) for non-free software packages.

The Debian Policy Manual contains a more exact definition of the three sections. The above discussion is just an introduction.

The separation of the three sections at the top-level of the archive is important for all people who want to distribute Debian, either via FTP servers on the Internet or on CD-ROMs: by distributing only the main and contrib sections, one can avoid any legal risks. Some packages in the non-free section do not allow commercial distribution, for example.

On the other hand, a CD-ROM vendor could easily check the individual package licenses of the packages in non-free and include as many on the CD-ROMs as it's allowed to. (Since this varies greatly from vendor to vendor, this job can't be done by the Debian developers.)

Note that the term section is also used to refer to categories which simplify the organization and browsing of available packages, e.g. admin, net, utils etc. Once upon a time, these sections (subsections, rather) existed in the form of subdirectories within the Debian archive. Nowadays, these exist only in the Section header fields of packages.

The directory system described in the previous chapter is itself contained within distribution directories. Each distribution is actually contained in the pool directory in the top-level of the Debian archive itself.

To summarize, the Debian archive has a root directory within an FTP server. For instance, at the mirror site,, the Debian archive itself is contained in /debian, which is a common location (another is /pub/debian).

A distribution comprises Debian source and binary packages, and the respective Sources and Packages index files, containing the header information from all those packages. The former are kept in the pool/ directory, while the latter are kept in the dists/ directory of the archive (for backwards compatibility).

There are always distributions called stable (residing in dists/stable), testing (residing in dists/testing), and unstable (residing in dists/unstable). This reflects the development process of the Debian project.

Active development is done in the unstable distribution (that's why this distribution is sometimes called the development distribution). Every Debian developer can update their packages in this distribution at any time. Thus, the contents of this distribution change from day to day. Since no special effort is made to make sure everything in this distribution is working properly, it is sometimes literally unstable.

The testing distribution is generated automatically by taking packages from unstable if they satisfy certain criteria. Those criteria should ensure a good quality for packages within testing. The update to testing is launched twice each day, right after the new packages have been installed. See Section 5.13, “The testing distribution”.

After a period of development, once the release manager deems fit, the testing distribution is frozen, meaning that the policies which control how packages move from unstable to testing are tightened. Packages which are too buggy are removed. No changes are allowed into testing except for bug fixes. After some time has elapsed, depending on progress, the testing distribution is frozen even further. Details of the handling of the testing distribution are published by the Release Team on debian-devel-announce. After the open issues are solved to the satisfaction of the Release Team, the distribution is released. Releasing means that testing is renamed to stable, and a new copy is created for the new testing, and the previous stable is renamed to oldstable and stays there until it is finally archived. On archiving, the contents are moved to

This development cycle is based on the assumption that the unstable distribution becomes stable after passing a period of being in testing. Even once a distribution is considered stable, a few bugs inevitably remain — that's why the stable distribution is updated every now and then. However, these updates are tested very carefully and have to be introduced into the archive individually to reduce the risk of introducing new bugs. You can find proposed additions to stable in the proposed-updates directory. Those packages in proposed-updates that pass muster are periodically moved as a batch into the stable distribution and the revision level of the stable distribution is incremented (e.g., ‘6.0’ becomes ‘6.0.1’, ‘5.0.7’ becomes ‘5.0.8’, and so forth). Please refer to uploads to the stable distribution for details.

Note that development under unstable continues during the freeze period, since the unstable distribution remains in place in parallel with testing.

The experimental distribution is a special distribution. It is not a full distribution in the same sense as stable, testing and unstable are. Instead, it is meant to be a temporary staging area for highly experimental software where there's a good chance that the software could break your system, or software that's just too unstable even for the unstable distribution (but there is a reason to package it nevertheless). Users who download and install packages from experimental are expected to have been duly warned. In short, all bets are off for the experimental distribution.

These are the sources.list(5) lines for experimental:

deb experimental main
deb-src experimental main

If there is a chance that the software could do grave damage to a system, it is likely to be better to put it into experimental. For instance, an experimental compressed file system should probably go into experimental.

Whenever there is a new upstream version of a package that introduces new features but breaks a lot of old ones, it should either not be uploaded, or be uploaded to experimental. A new, beta, version of some software which uses a completely different configuration can go into experimental, at the maintainer's discretion. If you are working on an incompatible or complex upgrade situation, you can also use experimental as a staging area, so that testers can get early access.

Some experimental software can still go into unstable, with a few warnings in the description, but that isn't recommended because packages from unstable are expected to propagate to testing and thus to stable. You should not be afraid to use experimental since it does not cause any pain to the ftpmasters, the experimental packages are periodically removed once you upload the package in unstable with a higher version number.

New software which isn't likely to damage your system can go directly into unstable.

An alternative to experimental is to use your personal web space on

Every released Debian distribution has a code name: Debian 6.0 is called squeeze; Debian 7, wheezy; Debian 8, jessie; the next release Debian 9 will be called stretch and Debian 10 will be called buster. There is also a ``pseudo-distribution'', called sid, which is the current unstable distribution; since packages are moved from unstable to testing as they approach stability, sid itself is never released. As well as the usual contents of a Debian distribution, sid contains packages for architectures which are not yet officially supported or released by Debian. These architectures are planned to be integrated into the mainstream distribution at some future date. The codenames and versions for older releases are listed on the website.

Since Debian has an open development model (i.e., everyone can participate and follow the development) even the unstable and testing distributions are distributed to the Internet through the Debian FTP and HTTP server network. Thus, if we had called the directory which contains the release candidate version testing, then we would have to rename it to stable when the version is released, which would cause all FTP mirrors to re-retrieve the whole distribution (which is quite large).

On the other hand, if we called the distribution directories Debian-x.y from the beginning, people would think that Debian release x.y is available. (This happened in the past, where a CD-ROM vendor built a Debian 1.0 CD-ROM based on a pre-1.0 development version. That's the reason why the first official Debian release was 1.1, and not 1.0.)

Thus, the names of the distribution directories in the archive are determined by their code names and not their release status (e.g., `jessie'). These names stay the same during the development period and after the release; symbolic links, which can be changed easily, indicate the currently released stable distribution. That's why the real distribution directories use the code names, while symbolic links for stable, testing, and unstable point to the appropriate release directories.

The various download archives and the web site have several mirrors available in order to relieve our canonical servers from heavy load. In fact, some of the canonical servers aren't public — a first tier of mirrors balances the load instead. That way, users always access the mirrors and get used to using them, which allows Debian to better spread its bandwidth requirements over several servers and networks, and basically makes users avoid hammering on one primary location. Note that the first tier of mirrors is as up-to-date as it can be since they update when triggered from the internal sites (we call this push mirroring).

All the information on Debian mirrors, including a list of the available public FTP/HTTP servers, can be found at This useful page also includes information and tools which can be helpful if you are interested in setting up your own mirror, either for internal or public access.

Note that mirrors are generally run by third-parties who are interested in helping Debian. As such, developers generally do not have accounts on these machines.

The Incoming system is responsible for collecting updated packages and installing them in the Debian archive. It consists of a set of directories and scripts that are installed on

Packages are uploaded by all the maintainers into a directory called UploadQueue. This directory is scanned every few minutes by a daemon called queued, *.command-files are executed, and remaining and correctly signed *.changes-files are moved together with their corresponding files to the unchecked directory. This directory is not visible for most Developers, as ftp-master is restricted; it is scanned every 15 minutes by the dak process-upload script, which verifies the integrity of the uploaded packages and their cryptographic signatures. If the package is considered ready to be installed, it is moved into the done directory. If this is the first upload of the package (or it has new binary packages), it is moved to the new directory, where it waits for approval by the ftpmasters. If the package contains files to be installed by hand it is moved to the byhand directory, where it waits for manual installation by the ftpmasters. Otherwise, if any error has been detected, the package is refused and is moved to the reject directory.

Once the package is accepted, the system sends a confirmation mail to the maintainer and closes all the bugs marked as fixed by the upload, and the auto-builders may start recompiling it. The package is now publicly accessible at until it is really installed in the Debian archive. This happens four times a day (and is also called the `dinstall run' for historical reasons); the package is then removed from incoming and installed in the pool along with all the other packages. Once all the other updates (generating new Packages and Sources index files for example) have been made, a special script is called to ask all the primary mirrors to update themselves.

The archive maintenance software will also send the OpenPGP/GnuPG signed .changes file that you uploaded to the appropriate mailing lists. If a package is released with the Distribution set to stable, the announcement is sent to . If a package is released with Distribution set to unstable or experimental, the announcement will be posted to or instead.

Though ftp-master is restricted, a copy of the installation is available to all developers on

The Debian Package Tracker is an email and web-based tool to track the activity of a source package. You can get the same emails that the package maintainer gets, simply by subscribing to the package in the Debian Package Tracker.

Each email sent through the package tracker is classified under one of the keywords listed below. This will let you select the mails that you want to receive.

By default you will get:


All the bug reports and following discussions.


The email notifications from about bug report status changes.


The email notification from dak when an uploaded source package is accepted.


Other warning and error emails from dak (such as an override disparity for the section and/or the priority field). Also includes notifications of package removals.


Build failures notifications sent by the network of build daemons, they contain a pointer to the build logs for analysis.


Any non-recognized email sent to the package tracker through In order to prevent spam, all messages sent to these addresses must contain the X-Distro-Tracker-Approved header with a non-empty value.


Mails sent to the maintainer through the * email aliases.


Regular summary emails about the package's status, including progression into testing. Ideally it should also include notifications of new upstream versions, and a notification if the package is orphaned (but this is not yet the case).

You can also decide to receive additional information:


The email notification from dak when an uploaded binary package is accepted. In other words, whenever a build daemon or a porter uploads your package for another architecture, you can get an email to track how your package gets recompiled for all architectures.


VCS commit notifications, if the package has a VCS repository and the maintainer has set up forwarding of commit notifications to the package tracker.


Translations of descriptions or debconf templates submitted to the Debian Description Translation Project.


Information about changes made to the package in derivative distributions (for example Ubuntu).


Bugs reports and comments from derivative distributions (for example Ubuntu).

You can control your subscription(s) to the package tracker by sending various commands to .

subscribe <sourcepackage> [<email>]

Subscribes email to communications related to the source package sourcepackage. Sender address is used if the second argument is not present. If sourcepackage is not a valid source package, you'll get a warning. However if it's a valid binary package, the package tracker will subscribe you to the corresponding source package.

unsubscribe <sourcepackage> [<email>]

Removes a previous subscription to the source package sourcepackage using the specified email address or the sender address if the second argument is left out.

unsubscribeall [<email>]

Removes all subscriptions of the specified email address or the sender address if the second argument is left out.

which [<email>]

Lists all subscriptions for the sender or the email address optionally specified.

keyword [<email>]

Tells you the keywords that you are accepting. For an explanation of keywords, see above.

keyword <sourcepackage> [<email>]

Same as the previous item but for the given source package, since you may select a different set of keywords for each source package.

keyword [<email>] {+|-|=} <list of keywords>

Accept (+) or refuse (-) mails classified under the given keyword(s). Define the list (=) of accepted keywords. This changes the default set of keywords accepted by a user.

keywordall [<email>] {+|-|=} <list of keywords>

Accept (+) or refuse (-) mails classified under the given keyword(s). Define the list (=) of accepted keywords. This changes the set of accepted keywords of all the currently active subscriptions of a user.

keyword <sourcepackage> [<email>] {+|-|=} <list of keywords>

Same as previous item but overrides the keywords list for the indicated source package.

quit | thanks | --

Stops processing commands. All following lines are ignored by the bot.

The pts-subscribe command-line utility (from the devscripts package) can be handy to temporarily subscribe to some packages, for example after having made an non-maintainer upload.

The package tracker has a web interface at that puts together a lot of information about each source package. It features many useful links (BTS, QA stats, contact information, DDTP translation status, buildd logs) and gathers much more information from various places (30 latest changelog entries, testing status, etc.). It's a very useful tool if you want to know what's going on with a specific source package. Furthermore, once authenticated, you can subscribe and unsubscribe from any package with a single click.

You can jump directly to the web page concerning a specific source package with a URL like

The web interface is easy to extend and you are welcome to integrate more useful data in it. If you want to contribute, have a look at

A QA (quality assurance) web portal is available at which displays a table listing all the packages of a single developer (including those where the party is listed as a co-maintainer). The table gives a good summary about the developer's packages: number of bugs by severity, list of available versions in each distribution, testing status and much more including links to any other useful information.

It is a good idea to look up your own data regularly so that you don't forget any open bugs, and so that you don't forget which packages are your responsibility.

Alioth is a Debian service based on a slightly modified version of the FusionForge software (which evolved from SourceForge and GForge). This software offers developers access to easy-to-use tools such as bug trackers, patch manager, project/task managers, file hosting services, mailing lists, VCS repositories etc. All these tools are managed via a web interface.

It is intended to provide facilities to free software projects backed or led by Debian, facilitate contributions from external developers to projects started by Debian, and help projects whose goals are the promotion of Debian or its derivatives. It's heavily used by many Debian teams and provides hosting for all sorts of VCS repositories.

All Debian developers automatically have an account on Alioth. They can activate it by using the recover password facility. External developers can request guest accounts on Alioth.

For more information please visit the following links:

Benefits available to Debian Developers and Debian Maintainers are documented on