Signing the builds for binary:any updates
In contrast to development in unstable, builds for arch:any packages need to be signed by the Security Team. Once they are signed, the compiled packages are uploaded to klecker.
TODO: Handling failed builds
Build mails can be signed with the dpkg-approve-buildd. There's also a config snippet for mutt.
TODO: where is this script available
Writing the advisory text
Write an advisory. Examples can be found on klecker in /org/security.debian.org/advisories/DSA
Once all builds are available and the advisory text is ready, send a mail to email@example.com. The update will be reviewed and released as described in the following section.