HOWTO-make-a-release.md: take into account the moved newsflash.txt

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/tools/pull/120)

diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md
index bf0166a4f267e2be4e5292ea0e87da964023651c..44580a1bd99c6e91c8a6d9bf3106817093a57be1 100644 (file)
--- a/HOWTO-make-a-release.md
+++ b/HOWTO-make-a-release.md
@@ -21,8 +21,13 @@ and additional tester.
     -   [Generate the tarball and announcement text](#generating-the-tarball-and-announcement-text)
         -   [OpenSSL 3.0 and on](#openssl-3.0-and-on)
         -   [OpenSSL before 3.0](#openssl-before-3.0)
-    -   [Update the website locally](#update-the-website-locally) [do not push]
+    -   [Update the release data locally](#update-the-release-data-locally)
+        [do not push]
+    -   [Update the website locally](#update-the-website-locally)
+        [security advisory only, do not push]
 -   [Publish the release](#publish-the-release)
+    -   [Updating the release data](#updating-the-release-data)
+    -   [Updating the website](#updating-the-website) [security advisory only]
 -   [Post-publishing tasks](#post-publishing-tasks)
     -   [Check the website](#check-the-website)
     -   [Send the announcement mail](#send-the-announcement-mail)
@@ -62,6 +67,10 @@ You must have access to the following repositories:
 
     This contains certain common tools
 
+-   `git@github.openssl.org:omc/data.git`
+
+    This contains files to be updated as part of any release
+
 ## PGP / GnuPG key
 
 You must have a PGP / GnuPG key, and its fingerprint should be present in
@@ -122,6 +131,10 @@ You will need to checkout at least three working trees:
 
     The resulting directory will be referred to as `$TOOLS`
 
+-   one for release data
+
+        git clone git@github.openssl.org:omc/data.git data
+
 -   At least one for openssl source
 
         git clone git@github.openssl.org:openssl/openssl.git
@@ -233,16 +246,28 @@ with $TOOLS, and is generally called like this:
 
 The manual for that script is found in `$TOOLS/release-tools/MKRELEASE.md`
 
+## Update the release data locally
+
+*The changes in this section should be made in your clone of the release
+data repo*
+
+Update the newsflash.txt file.  This normally is one or two lines.  Just
+copy and paste existing announcements making minor changes for the date and
+version number as necessary.  If there is an advisory then ensure you
+include a link to it.
+
+*Do* send the commits to the reviewer and await their approval.
+
+Commit your changes, but *do not push* them to the release data repo at this
+stage.  (the release data repo being `git@github.openssl.org:omc/data.git`)
+
 ## Update the website locally
 
+**This is for security advisory updates only**
+
 *The changes in this section should be made in your clone of the openssl
 web repo*
 
-Update the news/newsflash.txt file.  This normally is one or two lines.
-Just copy and paste existing announcements making minor changes for the date
-and version number as necessary.  If there is an advisory then ensure you
-include a link to it.
-
 Update the news/vulnerabilities.xml file if appropriate.
 
 If there is a Security Advisory then copy it into the news/secadv directory.
@@ -296,8 +321,17 @@ the repository / remote and tag to be pushed:
 
     git push <repository> <tagname>
 
+## Updating the release data
+
+Push the newsflash changes to the release data repo.  When you do this, the
+website will get updated and a script to flush the Akamai CDN cache will be
+run.  You can look at things on www-origin.openssl.org; the CDN-hosted
+www.openssl.org should only be a few minutes delayed.
+
 ## Updating the website
 
+**This is for security advisory updates only**
+
 Push the website changes you made earlier to the OpenSSL website repo.  When
 you do this, the website will get updated and a script to flush the Akamai
 CDN cache will be run.  You can look at things on www-origin.openssl.org;