Hi Chris,
Yeah, it's a bit of a shame that it wasn't finished before most
people (myself included) got distracted by other shiny things. For
the most part I think that the draft is "basically" correct, though
very much incomplete. I think there's also a few sections that are
a bit ambiguous (like the package naming conventions for modules vs
libraries).

If there's specific questions or you have suggestions/patches I don't
think anyone would stop you from asking and/or contributing though :)
Generally speaking (but TMTOWTDI) most people manage the packaging
related changes seperate from the actual development. In the case that
upstream != packager, it's often even (but not always) a seperate repository,
and otherwise I think the common recommendation is to have "debianization"
branches, usually one per supported distro+release, which branch off of
the relevant tags/commits in the mainline development.

It's not really a show stopper, but in practice it's a lot nicer being
able to have them seperate because packaging and development are typically
orthogonal workflows from each other, and you might end up in a situation
where one ./debian directory to rule them all won't work anyway. But
ultimately, what you do in your own VCS is up to you though, and what you
choose to do isn't going to be subject to any kind of formal review;
this is just more of some experience-based recommendations.

The critical thing (if you want your packages to be accepted into
debian/ubuntu) is that the resulting source package is not "native",
the "orig.tar.gz" that you upload does not contain the ./debian
subdirectory, and instead it is entirely contained in a .diff.gz
(format v1.0) or .debian.tar.gz (format v3.0, probably a better choice).
The -legal list is more "advisory" and in no sense official. I'd only
consult it if you had general questions that you weren't sure of, and even
then expect a number of possibly contradictory statements :)

The ftp-masters will review the contents for copyright/licensing related
stuff, and are usually pretty thorough. This is one of the things that
slows down the acceptance of packages from NEW into unstable. If you want
to speed it up, there's a new semi-standard format for debian/copyright[1]
which I haven't started using myself but I hear is generally liked.

If you're using a lot of 3rd party code, one piece of extra advise would be
to look to see if any of the 3rd party code is already debianized as a
seperate package. If so, it is very very strongly recommended to use the
package instead of your own embedded version. It's not a huge problem if you
*also* have the embedded version in your code, as long as it doesn't end up
being used in the resulting binary packages. It may be that the packaged
version isn't the same as yours, and that might mean you have to jump through
a couple extra hoops to support it, but there is a very strong prejudice
against embedded code copies (largely for security/QA reasons).
The new maintainer's guide probably good to read through, as well as
the official Debian Policy[2], the developer's reference[3],
the Webapps draft document[4] the database application draft policy[5] and
corresponding database setup support package[6]. And don't forget to run
lintian on your resulting source packages, it catches a lot of stuff that
you might otherwise miss.

For more general packaging questions, you might want to try on debian-mentors,
and for finding an upload sponsor you can feel free to ask both there and here,
and you might also try on the pkg-php mailing list if it's a PHP webapp.


HTH :)
sean

[1] http://dep.debian.net/deps/dep5/
[2] http://www.debian.org/doc/debian-policy/
[3] http://www.debian.org/doc/developers-reference/
[4] http://webapps-common.alioth.debian.org/draft/html/ (this is in a similar
state to the PHP draft, though)
[5] http://people.debian.org/~seanius/policy/dbapp-policy.html/
[6] http://people.debian.org/~seanius/policy/dbconfig-common.html/