- [Generate the tarball and announcement text](#generating-the-tarball-and-announcement-text)
- [OpenSSL 3.0 and on](#openssl-3.0-and-on)
- [OpenSSL before 3.0](#openssl-before-3.0)
- - [Update the website locally](#update-the-website-locally) [do not push]
+ - [Update the release data locally](#update-the-release-data-locally)
+ [do not push]
+ - [Update the website locally](#update-the-website-locally)
+ [security advisory only, do not push]
- [Publish the release](#publish-the-release)
+ - [Updating the release data](#updating-the-release-data)
+ - [Updating the website](#updating-the-website) [security advisory only]
- [Post-publishing tasks](#post-publishing-tasks)
- [Check the website](#check-the-website)
- [Send the announcement mail](#send-the-announcement-mail)
This contains certain common tools
+- `git@github.openssl.org:omc/data.git`
+
+ This contains files to be updated as part of any release
+
## PGP / GnuPG key
You must have a PGP / GnuPG key, and its fingerprint should be present in
The resulting directory will be referred to as `$TOOLS`
+- one for release data
+
+ git clone git@github.openssl.org:omc/data.git data
+
- At least one for openssl source
git clone git@github.openssl.org:openssl/openssl.git
The manual for that script is found in `$TOOLS/release-tools/MKRELEASE.md`
+## Update the release data locally
+
+*The changes in this section should be made in your clone of the release
+data repo*
+
+Update the newsflash.txt file. This normally is one or two lines. Just
+copy and paste existing announcements making minor changes for the date and
+version number as necessary. If there is an advisory then ensure you
+include a link to it.
+
+*Do* send the commits to the reviewer and await their approval.
+
+Commit your changes, but *do not push* them to the release data repo at this
+stage. (the release data repo being `git@github.openssl.org:omc/data.git`)
+
## Update the website locally
+**This is for security advisory updates only**
+
*The changes in this section should be made in your clone of the openssl
web repo*
-Update the news/newsflash.txt file. This normally is one or two lines.
-Just copy and paste existing announcements making minor changes for the date
-and version number as necessary. If there is an advisory then ensure you
-include a link to it.
-
Update the news/vulnerabilities.xml file if appropriate.
If there is a Security Advisory then copy it into the news/secadv directory.
git push <repository> <tagname>
+## Updating the release data
+
+Push the newsflash changes to the release data repo. When you do this, the
+website will get updated and a script to flush the Akamai CDN cache will be
+run. You can look at things on www-origin.openssl.org; the CDN-hosted
+www.openssl.org should only be a few minutes delayed.
+
## Updating the website
+**This is for security advisory updates only**
+
Push the website changes you made earlier to the OpenSSL website repo. When
you do this, the website will get updated and a script to flush the Akamai
CDN cache will be run. You can look at things on www-origin.openssl.org;