The branch master has been updated via f39ecd88bc71cdb4332ec42b12405abf3738bde2 (commit) from 0e935b5510ff4240341205184085f8a93eb36c24 (commit)
- Log ----------------------------------------------------------------- commit f39ecd88bc71cdb4332ec42b12405abf3738bde2 Author: Matt Caswell <m...@openssl.org> Date: Fri May 21 10:18:18 2021 +0100 Send release emails from the owner of the signing key Announcement emails should be sent from the email account of the owner of the signing key, otherwise some email clients will fail to verify the key correctly. A longer term solution will be to have a separate release signing key. Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/tools/pull/89) ----------------------------------------------------------------------- Summary of changes: HOWTO-make-a-release.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md index 012256e..7456b6a 100644 --- a/HOWTO-make-a-release.md +++ b/HOWTO-make-a-release.md @@ -335,16 +335,17 @@ Also check the notes here: Send out the announcements. Generic release announcement messages will be created automatically by the build script and the commands you need to use to send them were displayed when you executed do-release.pl above. -These should normally be sent from the openssl account. These are sent to -openssl-users, openssl-project, and openssl-announce. +These are sent to openssl-users, openssl-project, and openssl-announce. They +should be sent from the account of the person that owns the key used for signing +the release announcement. Ensure that mutt is configured correctly - send a test +email first if necessary. If do-release.pl was used with `--move` be sure to move the announcement text files away from the staging directory after they have been sent. This is done as follows (with VERSION replaced with the version of OpenSSL to announce): - sudo -u openssl \ - mutt -s "OpenSSL version VERSION published" \ + REPLYTO="open...@openssl.org" mutt -s "OpenSSL version VERSION published" \ openssl-project openssl-users openssl-announce \ < /home/openssl/dist/new/openssl-VERSION.txt.asc sudo -u openssl \ @@ -367,9 +368,9 @@ Then copy the result to the temporary directory on dev.openssl.org: scp secadv_FILENAME.txt.asc dev.openssl.org:/tmp To finish, log in on dev.openssl.org and send the signed Security -Advisory by email as the openssl user, and the remove it: +Advisory by email as the user that signed the advisory, and then remove it: - sudo -u openssl mutt -s "OpenSSL Security Advisory" \ + REPLYTO="open...@openssl.org" mutt -s "OpenSSL Security Advisory" \ openssl-project openssl-users openssl-announce \ </tmp/secadv_FILENAME.txt.asc rm /tmp/secadv_FILENAME.txt.asc