diff --git a/debian-alt/README.txt b/debian-alt/README.txt
index 30d43fd3c0..b6b144b60d 100644
--- a/debian-alt/README.txt
+++ b/debian-alt/README.txt
@@ -12,6 +12,7 @@ xenial may be copied to yakkety, zesty.
 Not maintained:
 wheezy files are not maintained. Use the precise files instead.
 jessie files may not be maintained. Use the trusty files instead.
+buster and sid files are not maintained, see the latest in Debian.
 
 Note on systemd:
 
diff --git a/debian-alt/sid/patches/0002-jetty-compatibility.patch b/debian-alt/sid/patches/0002-jetty-compatibility.patch
new file mode 100644
index 0000000000..022c1a55bf
--- /dev/null
+++ b/debian-alt/sid/patches/0002-jetty-compatibility.patch
@@ -0,0 +1,126 @@
+--- a/apps/jetty/java/src/net/i2p/jetty/JettyXmlConfigurationParser.java
++++ b/apps/jetty/java/src/net/i2p/jetty/JettyXmlConfigurationParser.java
+@@ -43,9 +43,9 @@
+     private static XmlParser initParser()
+     {
+         XmlParser parser = new XmlParser();
+-        URL config60 = Loader.getResource(XmlConfiguration.class, "org/eclipse/jetty/xml/configure_6_0.dtd");
+-        URL config76 = Loader.getResource(XmlConfiguration.class,"org/eclipse/jetty/xml/configure_7_6.dtd");
+-        URL config90 = Loader.getResource(XmlConfiguration.class,"org/eclipse/jetty/xml/configure_9_0.dtd");
++        URL config60 = Loader.getResource("org/eclipse/jetty/xml/configure_6_0.dtd");
++        URL config76 = Loader.getResource("org/eclipse/jetty/xml/configure_7_6.dtd");
++        URL config90 = Loader.getResource("org/eclipse/jetty/xml/configure_9_0.dtd");
+         parser.redirectEntity("configure.dtd",config90);
+         parser.redirectEntity("configure_1_0.dtd",config60);
+         parser.redirectEntity("configure_1_1.dtd",config60);
+--- a/apps/jetty/java/src/net/i2p/servlet/I2PDefaultServlet.java
++++ b/apps/jetty/java/src/net/i2p/servlet/I2PDefaultServlet.java
+@@ -132,7 +132,6 @@
+      *
+      * Get the resource list as a HTML directory listing.
+      */
+-    @Override
+     protected void sendDirectory(HttpServletRequest request,
+             HttpServletResponse response,
+             Resource resource,
+--- a/apps/jetty/java/src/net/i2p/jetty/I2PRequestLog.java
++++ b/apps/jetty/java/src/net/i2p/jetty/I2PRequestLog.java
+@@ -317,7 +317,7 @@
+                 buf.append(request.getMethod());
+                 buf.append(' ');
+                 
+-                request.getUri().writeTo(u8buf);
++                u8buf.append(request.getHttpURI().toString());
+                 
+                 buf.append(' ');
+                 buf.append(request.getProtocol());
+--- a/apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java
++++ b/apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java
+@@ -15,7 +15,7 @@
+ import net.i2p.util.PortMapper;
+ 
+ import org.eclipse.jetty.server.Request;
+-import org.eclipse.jetty.servlets.gzip.GzipHandler;
++import org.eclipse.jetty.server.handler.gzip.GzipHandler;
+ 
+ /**
+  * Block certain Host headers to prevent DNS rebinding attacks.
+--- a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
++++ b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
+@@ -22,6 +22,7 @@
+ import java.util.SortedSet;
+ import java.util.StringTokenizer;
+ import java.util.concurrent.LinkedBlockingQueue;
++import javax.servlet.ServletRequest;
+ 
+ import net.i2p.I2PAppContext;
+ import net.i2p.app.ClientAppManager;
+@@ -46,6 +47,7 @@
+ import org.eclipse.jetty.security.HashLoginService;
+ import org.eclipse.jetty.security.ConstraintMapping;
+ import org.eclipse.jetty.security.ConstraintSecurityHandler;
++import org.eclipse.jetty.security.UserStore;
+ import org.eclipse.jetty.security.authentication.DigestAuthenticator;
+ import org.eclipse.jetty.server.AbstractConnector;
+ import org.eclipse.jetty.server.ConnectionFactory;
+@@ -932,6 +934,8 @@
+             } else {
+                 HashLoginService realm = new CustomHashLoginService(JETTY_REALM, context.getContextPath(),
+                                                                     ctx.logManager().getLog(RouterConsoleRunner.class));
++                UserStore userStore = new UserStore();
++                realm.setUserStore(userStore);
+                 sec.setLoginService(realm);
+                 sec.setAuthenticator(authenticator);
+                 String[] role = new String[] {JETTY_ROLE};
+@@ -939,7 +943,7 @@
+                     String user = e.getKey();
+                     String pw = e.getValue();
+                     Credential cred = Credential.getCredential(MD5_CREDENTIAL_TYPE + pw);
+-                    realm.putUser(user, cred, role);
++                    userStore.addUser(user, cred, role);
+                     Constraint constraint = new Constraint(user, JETTY_ROLE);
+                     constraint.setAuthenticate(true);
+                     ConstraintMapping cm = new ConstraintMapping();
+@@ -959,7 +963,7 @@
+                         try {
+                             // each char truncated to 8 bytes
+                             String user2 = new String(b2, "ISO-8859-1");
+-                            realm.putUser(user2, cred, role);
++                            userStore.addUser(user2, cred, role);
+                             constraint = new Constraint(user2, JETTY_ROLE);
+                             constraint.setAuthenticate(true);
+                             cm = new ConstraintMapping();
+@@ -970,7 +974,7 @@
+                             // each UTF-8 byte as a char
+                             // this is what chrome does
+                             String user3 = new String(b1, "ISO-8859-1");
+-                            realm.putUser(user3, cred, role);
++                            userStore.addUser(user3, cred, role);
+                             constraint = new Constraint(user3, JETTY_ROLE);
+                             constraint.setAuthenticate(true);
+                             cm = new ConstraintMapping();
+@@ -1045,8 +1049,8 @@
+         }
+ 
+         @Override
+-        public UserIdentity login(String username, Object credentials) {
+-            UserIdentity rv = super.login(username, credentials);
++        public UserIdentity login(String username, Object credentials, ServletRequest request) {
++            UserIdentity rv = super.login(username, credentials, request);
+             if (rv == null)
+                 //_log.logAlways(net.i2p.util.Log.WARN, "Console authentication failed, webapp: " + _webapp + ", user: " + username);
+                 _log.logAlways(net.i2p.util.Log.WARN, "Console authentication failed, user: " + username);
+--- a/apps/routerconsole/java/src/net/i2p/router/web/LocaleWebAppHandler.java
++++ b/apps/routerconsole/java/src/net/i2p/router/web/LocaleWebAppHandler.java
+@@ -85,9 +85,9 @@
+                     String testPath = pathInContext.substring(0, len - 4) + '_' + lang + ".jsp";
+                     // Do we have a servlet for the new path that isn't the catchall *.jsp?
+                     @SuppressWarnings("rawtypes")
+-                    Map.Entry servlet = _wac.getServletHandler().getHolderEntry(testPath);
++                    org.eclipse.jetty.http.pathmap.MappedResource servlet = _wac.getServletHandler().getMappedServlet(testPath);
+                     if (servlet != null) {
+-                        String servletPath = (String) servlet.getKey();
++                        String servletPath = servlet.getPathSpec().getDeclaration();
+                         if (servletPath != null && !servletPath.startsWith("*")) {
+                             // success!!
+                             //System.err.println("Servlet is: " + servletPath);
diff --git a/debian-alt/sid/patches/series b/debian-alt/sid/patches/series
new file mode 100644
index 0000000000..5fabbd7e7c
--- /dev/null
+++ b/debian-alt/sid/patches/series
@@ -0,0 +1,2 @@
+0001-path-substitution.patch
+0002-jetty-compatibility.patch