Overview

Soplos Linux maintains a strictly curated repository. Quality and security are our top priorities. All packages are reviewed, built, and signed by the Core Team.

Soplos Packager

Soplos Packager is the internal tool used to create .deb packages for the Soplos repositories. It automates:

  • Debian package structure generation
  • Dependency resolution and metadata
  • Build process standardization
  • Linting and policy compliance checks

This tool ensures all packages follow the same quality standards and structure.

Quality Standards

All packages submitted to Soplos repositories must meet these requirements:

  • Debian Policy Compliance: Follow the Debian Policy Manual
  • No Lintian Errors: All packages must pass lintian checks
  • Security Audit: Code must be reviewed for vulnerabilities
  • Reproducible Builds: Packages must build identically from source
  • License Compliance: Clear licensing and copyright information

Submission Process

Security Notice: Direct binary uploads are NOT permitted. All packages undergo manual security audit by the Core Team.

To propose a new package for Soplos repositories:

  1. Prepare Source Package: Create a clean, well-documented source package following Debian standards.
  2. Submit for Review: Open a "Package Request" issue on GitHub with a link to your source code repository.
  3. Security Audit: The Core Team reviews the source code for security vulnerabilities and policy compliance.
  4. Build & Sign: If approved, the Core Team uses Soplos Packager to build and sign the package.
  5. Repository Integration: The signed package is added to the official repository using Soplos Repo Manager.
Trust Model: The Soplos package manager only trusts packages signed with the official Core Team GPG key.