Point Release Security Tracking

 

What is Point Release Security?

The Point Release Security Co-ordinator (PRSC) is a go-between role, liaising with the Security team, the Release team and individual maintenance teams. The brief is to take minor security issues (those which don't justify a DSA, a Debian Security Advisory) from the Security team, and work with maintainers and the Release team to get fixes into the stable and oldstable releases.

Since there is a stable point release approximately every eight weeks, and an oldstable release approximately every twelve weeks, there is about a six- or ten-week period during which the main co-ordination happens.

For maintainers

You're probably here because you were sent notification that a security problem in your package was handed off to the PRSC.

Getting your fix into stable/oldstable is straightforward:

  1. Prepare your fix, with a target of stable or oldstable, and build it in an up-to-date chroot for that release.
  2. Send a debdiff of the new package (against the package in your target release) to the release team, seeking permission to upload.
  3. Upload as normal, and wait for it to be included in the next point release.

Tracker

There is a PRSC tracker at /tracker/<bugnum> (e.g. /tracker/660650) for each bug being tracked.

Contact

Please contact jmw AT debian DOT org with questions or corrections to the tracking information.