The Packaging and Development guide is currently undergoing a major overhaul to bring it up to date. The current state you are seeing now is a preview of this effort.

The current version is unstable (changing URLs can occur at any time) and most content is not in properly reviewed yet. Proceed with caution and be aware of technical inaccuracies.

If you are an experienced packager and would like to contribute, we would love for you to be involved! See our contribution page for details of how to join in.

Ubuntu package archive

Linux distributions like Ubuntu use repositories to hold packages you can install on target machines. Ubuntu has several repositories that anyone can access. The Ubuntu package archive hosts Debian binary packages (.deb files) and source packages (.dsc files). On Ubuntu installations, the Ubuntu package archive is configured as the default source for the APT package manager to download and install packages from.


Some of the following terminologies have only loose or informal definitions. Also, be aware that the terminology surrounding the Ubuntu package archive gets mixed up in day-to-day communications. This can be confusing, but the meaning is usually evident from the surrounding context once you are familiar with the following terminologies.


In the context of package management, repositories are servers containing sets of packages that a package manager can download and install.

This term can refer to the Ubuntu package archive as a whole or just suites, pockets, or components.


A series refers to the packages that target a specific Ubuntu version. A series is usually referred to by its code name.

Examples of series are: mantic, lunar, jammy, focal, bionic, xenial, trusty.


In practice, the terms “Ubuntu series” and “Ubuntu release” are often used synonymously or are mistaken for each other. There is technically a difference; for example, an LTS version usually has an initial release (e.g. 22.04 LTS) and multiple point releases (e.g. 22.04.1 LTS, 22.04.2 LTS), which are all part of the same series (e.g. jammy).


Pockets are package sub-repositories within the Ubuntu package archive. Every Ubuntu series has the following pockets:


This pocket contains the packages that an Ubuntu series was initially released with. After the initial release of an Ubuntu series, the packages in this pocket are not updated (not even for security-related fixes).


This pocket contains security-related updates to packages in the release pocket.


This pocket contains non-security-related updates to packages in the release pocket.


This pocket is a staging environment the Ubuntu community can opt into, to verify the stability of any updates before they get deployed to a broader range of consumers.

  • Before the initial release of an Ubuntu series, this pocket contains non-security-related updates to packages in the release pocket before they get uploaded to the release pocket.

  • After the initial release of an Ubuntu series, this pocket contains non-security-related updates to packages in the release pocket before they get uploaded to the updates pocket.


This pocket contains packages the Ubuntu series was initially NOT released with.

The backports article provides more information on backporting software.


The backports pocket does not come with any security support guarantee. The Ubuntu Security Team does not update packages in the backports pocket. The Ubuntu community is responsible for maintaining packages in backports with later patches for bug fixes and security updates.


A combination of a series and a pocket. For example:



















You can see all active suites in the archive.


The devel series always mirrors the series with the code name of the current release in development.


Components are logical subdivisions or namespaces of the packages in a suite. The APT package manager can subscribe to the individual components of a suite.

The packages of an Ubuntu series are categorised according to whether they are Open Source Software or Closed Source Software, and whether or not they are part of the base packages for a given series. On this basis they are sorted into the components “main”, “restricted”, “universe”, or “multiverse”, as shown in the following table:

Open source software

Closed source software

Ubuntu base packages



Community packages



Canonical maintains the base packages and provides security updates. See release lifespan for more information about the official support provided by Canonical.

For example, if you look into any of the Pockets of the devel series (devel-release, devel-updates, devel-security, devel-proposed, devel-backports) you will see the four components (main, restricted, universe, multiverse) as directories.


This component contains open source software packages for a given series that are supported and maintained by Canonical.


This component contains closed source software packages for a given series that are supported and maintained by Canonical. Packages in this component are mostly proprietary drivers for devices and similar.


This component contains open source software packages for a given series that are supported and maintained by the Ubuntu community.


This component contains packages (for a given series) of closed source software, or open source software restricted by copyright or legal issues. These packages are maintained and supported by the Ubuntu community, but because of the restrictions, patching bugs or updates may not be possible.


Every day, hundreds of thousands of people want to download and install packages from the Ubuntu package archive. To provide a good user experience, the content of gets mirrored (replicated and kept in sync) by other servers to distribute network traffic, reduce latency, and provide redundancy, which ensures high availability and fault tolerance.

Here is a complete list of officially recognised Ubuntu package archive mirrors.


There are also mirrors for the Ubuntu ISO images (also called “CD images”, because ISO images can be downloaded and burned to a CD to make installation disks.)

You can find a complete list of officially recognised Ubuntu CD mirrors.

Country mirrors

Ubuntu package archive mirrors that provide a very reliable service in a country can request to be the official country mirror for that country. Ubuntu installations are configured by default to use the country mirror for their selected country.

Country mirrors are accessible via the domain name format:


You can see which mirror is the country mirror by doing a simple DNS lookup. For example:

dig +noall +answer      332     IN      CNAME       332     IN      A

Therefore, is Finland’s country mirror.

Tunisia does not have any third-party mirrors in its country. Therefore the Tunisia country mirror is just the primary Ubuntu package archive server (

dig +noall +answer      60      IN      A      60      IN      A      60      IN      A      60      IN      A      60      IN      A

which are just the IP addresses:

dig +noall +answer 1       IN      A 1       IN      A 1       IN      A 1       IN      A 1       IN      A

Package uploads

Ubuntu encourages contributions from any person in the wider community. However, direct uploading to the Ubuntu package archive is restricted. These general contributions need to be reviewed and uploaded by a sponsor.

See our article on sponsoring that explains this process in more detail.

Security update propagation

This section is a niche technical explanation. You can skip it if you don’t feel that this is currently relevant for you.

Because security updates contain fixes for Common Vulnerabilities and Exposures (CVE), it is mission critical to distribute them as fast as possible to end users. Mirrors are a technical burden in this case, because there is a delay between the synchronisation of a mirror and the primary Ubuntu package archive server.

In the worst case a bad actor gets informed about a CVE and can use it, before the update reaches a target machine.

Therefore the APT package manager is configured by default (on Ubuntu) to also check for updates from Security updates will get uploaded here first. If a mirror does not provide the update yet a client will download it from instead from the mirror.

You can see this yourself if you look what the sources.list(5) file contains on your Ubuntu machine:

cat /etc/apt/sources.list

At the end of the file you will find something similar to this:

deb SERIES-security main restricted
# deb-src SERIES-security main restricted
deb SERIES-security universe
# deb-src SERIES-security universe
deb SERIES-security multiverse
# deb-src SERIES-security multiverse

Because the sources.list(5) file is read from top to bottom, the APT package manager will download updates from the mirror first and only download it from if the mirror has an older version, because the mirror has not synchronised with the primary Ubuntu package archive server yet. points to the same servers as if you do a DNS lookup. It is used in the sources.list(5) file for the security pocket to prevent a user/script from accidentally changing it to a mirror.


Landscape repositories

Landscape is a management and administration tool for Ubuntu. Landscape allows you to mirror APT repositories like the Ubuntu package archive. Although it is not directly related to the Ubuntu package archive it can be educational to understand how APT repositories work in general.