</para>
<para>
When closing security bugs include CVE numbers as well as the
-<literal>Closes: #<replaceable>nnnnn</replaceable></literal>
+<literal>Closes: #<replaceable>nnnnn</replaceable></literal>.
This is useful for the security team to track vulnerabilities. If an upload is
made to fix the bug before the advisory ID is known, it is encouraged to modify
the historical changelog entry with the next upload. Even in this case, please
</para>
<para>
Normally, a package should <emphasis>not</emphasis> be uploaded if it causes
-lintian to emit errors (they will start with <literal>E</literal>).
+<command>lintian</command> to emit errors (they will start with <literal>E</literal>).
</para>
<para>
For more information on <command>lintian</command>, see <xref
<listitem>
<para>
Any fixed packages that you have prepared yourself (send only the
-<literal>.diff.gz</literal> and <literal>.dsc</literal> files and read <xref
+<filename>.diff.gz</filename> and <filename>.dsc</filename> files and read <xref
linkend="bug-security-building"/> first)
</para>
</listitem>
</listitem>
<listitem>
<para>
-Unless the upstream source has been uploaded to <literal>security.debian.org
-</literal> before (by a previous security update), build the upload <emphasis
-role="strong">with full upstream source</emphasis> (<literal>dpkg-buildpackage
--sa</literal>). If there has been a previous upload to
-<literal>security.debian.org</literal> with the same upstream version, you may
-upload without upstream source (<literal>dpkg-buildpackage -sd</literal>).
+Unless the upstream source has been uploaded to
+<literal>security.debian.org</literal> before (by a previous security update),
+build the upload <emphasis role="strong">with full upstream source</emphasis>
+(<literal>dpkg-buildpackage -sa</literal>). If there has been a previous
+upload to <literal>security.debian.org</literal> with the same upstream
+version, you may upload without upstream source (<literal>dpkg-buildpackage
+-sd</literal>).
</para>
</listitem>
<listitem>
<replaceable>[architecture list]</replaceable> is optional and only needed
if the removal request only applies to some architectures, not all. Note
that the <command>reportbug</command> will create a title conforming
-to these rules when you use it to report a bug against the
+to these rules when you use it to report a bug against the
<literal>ftp.debian.org</literal> pseudo-package.
</para>
a false sense of good maintenance. For the same reason, team members do
not need to add themselves to the <literal>Uploaders</literal> field just because they are
uploading the package once, they can do a “Team upload” (see <xref
-linkend="nmu-team-upload"/>). Conversely, it it a bad idea to keep a
+linkend="nmu-team-upload"/>). Conversely, it is a bad idea to keep a
package with only the mailing list address as a <literal>Maintainer</literal> and no
<literal>Uploaders</literal>.
</para>
</para>
<para>
Sometimes, some packages never enter <literal>testing</literal> because the
-set of inter-relationship is too complicated and cannot be sorted out by the
+set of interrelationship is too complicated and cannot be sorted out by the
scripts. See below for details.
</para>
<para>
before or after this main run, depending on the exact type.
</para>
<para>
-If you want to see more details, you can look it up on
-<filename>merkel:/org/&ftp-debian-org;/testing/update_out/</filename> (or
-in <filename>merkel:~aba/testing/update_out</filename> to see a setup with
-a smaller packages file). Via web, it's at <ulink
-url="http://&ftp-master-host;/testing/update_out_code/"></ulink>.
+If you want to see more details, you can look it up on <ulink
+url="http://&ftp-master-host;/testing/update_output/"></ulink>.
</para>
<para>
The hints are available via <ulink