Sign me up Login

Package reviews

You can help to review packages. That is possible even if you are not a Debian developer (yet). No reason to be shy, it is ok if you do not know everything or you are not entirely sure if your suggestions are correct. Any help is appreciated. Interested in diving in? It is easy:

Why should I review packages? I can not upload them!

Glad you ask! There are many reasons why you should review packages even if you can't actually upload them.

How can I review packages?

Pick a source package and start. There is no single correct way to review packages, but chances are you may want to have a look on the following things:

You might also want to retrieve the maintainer GPG key to verify that all subsequent uploads are signed using the same key. While the key should be publicly available on servers such as or, can also act as a basic keyserver. Note that only key retrieval is implemented. Update or search are not available.

Given a key id, you can retrieve a key using:

gpg --keyserver hkps:// --recv-keys 0x123456789

Established sponsor guidelines

Several Debian Developers published their personal sponsor guidelines. Those are rules applying for a particular person or a specific packaging team in case you want to have a package sponsored by them. Typically those rules extend the Debian policy by custom requirements, or require a particular workflow from you. You can have a look at some guidelines from different people on our sponsors side