Signing the builds for binary:any updates

In contrast to development in unstable, builds for arch:any packages need to be signed by the Security Team. Once they are signed, the compiled packages are uploaded to klecker.

TODO: Handling failed builds

Build mails can be signed with the dpkg-approve-buildd. There's also a config snippet for mutt.

TODO: where is this script available

Writing the advisory text

Write an advisory. Examples can be found on klecker in /org/security.debian.org/advisories/DSA

Once all builds are available and the advisory text is ready, send a mail to team@security.debian.org. The update will be reviewed and released as described in the following section.