[tools] master update

Matt Caswell matt at openssl.org
Thu Jun 3 14:45:37 UTC 2021 

The branch master has been updated
       via  f39ecd88bc71cdb4332ec42b12405abf3738bde2 (commit)
      from  0e935b5510ff4240341205184085f8a93eb36c24 (commit)


- Log -----------------------------------------------------------------
commit f39ecd88bc71cdb4332ec42b12405abf3738bde2
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 21 10:18:18 2021 +0100

    Send release emails from the owner of the signing key
    
    Announcement emails should be sent from the email account of the owner of
    the signing key, otherwise some email clients will fail to verify the key
    correctly.
    
    A longer term solution will be to have a separate release signing key.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/tools/pull/89)

-----------------------------------------------------------------------

Summary of changes:
 HOWTO-make-a-release.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md
index 012256e..7456b6a 100644
--- a/HOWTO-make-a-release.md
+++ b/HOWTO-make-a-release.md
@@ -335,16 +335,17 @@ Also check the notes here:
 Send out the announcements.  Generic release announcement messages will be
 created automatically by the build script and the commands you need to use
 to send them were displayed when you executed do-release.pl above.
-These should normally be sent from the openssl account.  These are sent to
-openssl-users, openssl-project, and openssl-announce.
+These are sent to openssl-users, openssl-project, and openssl-announce. They
+should be sent from the account of the person that owns the key used for signing
+the release announcement. Ensure that mutt is configured correctly - send a test
+email first if necessary.
 
 If do-release.pl was used with `--move` be sure to move the announcement
 text files away from the staging directory after they have been sent.  This
 is done as follows (with VERSION replaced with the version of OpenSSL to
 announce):
 
-    sudo -u openssl \
-        mutt -s "OpenSSL version VERSION published" \
+    REPLYTO="openssl at openssl.org" mutt -s "OpenSSL version VERSION published" \
             openssl-project openssl-users openssl-announce \
             < /home/openssl/dist/new/openssl-VERSION.txt.asc
     sudo -u openssl \
@@ -367,9 +368,9 @@ Then copy the result to the temporary directory on dev.openssl.org:
     scp secadv_FILENAME.txt.asc dev.openssl.org:/tmp
 
 To finish, log in on dev.openssl.org and send the signed Security
-Advisory by email as the openssl user, and the remove it:
+Advisory by email as the user that signed the advisory, and then remove it:
 
-    sudo -u openssl mutt -s "OpenSSL Security Advisory" \
+    REPLYTO="openssl at openssl.org" mutt -s "OpenSSL Security Advisory" \
             openssl-project openssl-users openssl-announce \
             </tmp/secadv_FILENAME.txt.asc
     rm /tmp/secadv_FILENAME.txt.asc

More information about the openssl-commits mailing list