Currently, our policy for this is very ad hoc, which is problematic. Some things that should be documented:
- home-built:
- what packages do and do we not create? What are the guidelines for this?
- what requirements are there on the packages?
- how do we make sure we //can// keep them up to date?
- how do we make sure they are //kept// up to date? (see e.g. T102862 and T114365)
- for apt.wm.o, the same questions apply, but the policy might already be clearer?
- backports:
- do we backport packages ourselves?
- do we just offer support in upstreaming the request?
- dpkg vs direct checkouts:
- do we prefer packaging a .deb (e.g. using fpm) over doing a git checkout or the other way around?
- deprecation:
- what do we do with packages that we should not have according to the policy?
There's probably some more things that should be considered, but these were a few I thought of.