<literal>unstable</literal>.
</para>
<para>
-Actually, there are two other possible distributions: <literal>stable-security</literal>
-and <literal>testing-security</literal>, but read
-<xref linkend="bug-security"/> for more information on those.
+Actually, there are other possible distributions:
+<replaceable>codename</replaceable><literal>-security</literal>,
+but read <xref linkend="bug-security"/> for more information on those.
</para>
<para>
It is not possible to upload a package into several distributions at the same
<title>Security uploads</title>
<para>
Do <emphasis role="strong">NOT</emphasis> upload a package to the security
-upload queue (<literal>oldstable-security</literal>, <literal>stable-security</literal>,
-etc.) without prior authorization from the security team. If the
+upload queue (on <literal>security-master.debian.org</literal>)
+without prior authorization from the security team. If the
package does not exactly meet the team's requirements, it will cause many
problems and delays in dealing with the unwanted upload. For details, please
see <xref linkend="bug-security"/>.
<para>
When you become aware of a security-related bug in a Debian package, whether or
not you are the maintainer, collect pertinent information about the problem,
-and promptly contact the security team, preferably by filing a ticket in
-their Request Tracker.
-See <ulink url="http://wiki.debian.org/rt.debian.org#Security_Team"></ulink>.
-Alternatively you may email &email-security-team;.
+and promptly contact the security team by emailing &email-security-team;. If
+desired, email can be encrypted with the Debian Security Contact key, see
+<ulink url="https://www.debian.org/security/faq#contact"/> for details.
<emphasis role="strong">DO NOT UPLOAD</emphasis> any packages for
<literal>stable</literal> without contacting the team. Useful information
includes, for example:
<listitem>
<para>
<emphasis role="strong">Target the right distribution</emphasis>
-in your <filename>debian/changelog</filename>.
-For <literal>stable</literal> this is <literal>stable-security</literal> and
-for <literal>testing</literal> this is <literal>testing-security</literal>, and for the previous
-stable release, this is <literal>oldstable-security</literal>. Do not target
-<replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
+in your <filename>debian/changelog</filename>:
+<replaceable>codename</replaceable><literal>-security</literal>
+(e.g. <literal>wheezy-security</literal>).
+Do not target <replaceable>distribution</replaceable><literal>-proposed-updates</literal> or
<literal>stable</literal>!
</para>
</listitem>
--compare-versions</literal>. Be careful not to re-use a version number that
you have already used for a previous upload, or one that conflicts with a
binNMU. The convention is to append
-<literal>+</literal><replaceable>codename</replaceable><literal>1</literal>, e.g.
-<literal>1:2.4.3-4+lenny1</literal>, of course increasing 1 for any subsequent
+<literal>+deb</literal><replaceable>X</replaceable><literal>u1</literal> (where
+<replaceable>X</replaceable> is the major release number), e.g.
+<literal>1:2.4.3-4+deb7u1</literal>, of course increasing 1 for any subsequent
uploads.
</para>
</listitem>
<title>Uploading the fixed package</title>
<para>
Do <emphasis role="strong">NOT</emphasis> upload a package to the security
-upload queue (<literal>oldstable-security</literal>, <literal>stable-security</literal>,
-etc.) without prior authorization from the security team. If the
+upload queue (on <literal>security-master.debian.org</literal>)
+without prior authorization from the security team. If the
package does not exactly meet the team's requirements, it will cause many
problems and delays in dealing with the unwanted upload.
</para>