Fixes #4357 -- document the additional release steps for a security release (#4429)
* Fixes #4357 -- document the additional release steps for a security release
* One additional step
* Fix a few typos
* this is a word
* link these
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index 4561798..f87a449 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -3,6 +3,20 @@
Doing a release of ``cryptography`` requires a few steps.
+Security Releases
+-----------------
+
+In addition to the other steps described below, for a release which fixes a
+security vulnerability, you should also include the following steps:
+
+* Request a `CVE from MITRE`_. Once you have received the CVE, it should be
+ included in the :doc:`changelog`. Ideally you should request the CVE before
+ starting the release process so that the CVE is available at the time of the
+ release.
+* Ensure that the :doc:`changelog` entry credits whoever reported the issue.
+* The release should be announced on the `oss-security`_ mailing list, in
+ addition to the regular announcement lists.
+
Verifying OpenSSL version
-------------------------
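Review bot: The oss-security bullet (the last item of the new "Security Releases" list) says where to announce but not what the announcement must carry; a reader following these steps for the first time has no checklist. Suggest stating the minimum contents explicitly, e.g. "The announcement should include the CVE identifier, the affected and fixed versions, and a link to the :doc:`changelog` entry." It would also help to say that the oss-security post goes out once the fixed release is actually available on PyPI, since the preceding bullet already ties the CVE request to the release timeline but nothing fixes the ordering of the announcement itself.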
@@ -78,6 +92,8 @@
* Send an email to the `mailing list`_ and `python-announce`_ announcing the
release.
+.. _`CVE from MITRE`: https://cveform.mitre.org/
+.. _`oss-security`: http://www.openwall.com/lists/oss-security/
.. _`upgrading OpenSSL issue template`: https://github.com/pyca/cryptography/issues/new?template=openssl-release.md
.. _`milestone`: https://github.com/pyca/cryptography/milestones
.. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
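Review bot: The new ``oss-security`` target uses a plain ``http://`` URL while the other targets in this list are ``https://``; for a link that release managers will follow as part of a security process, switch it to ``https://www.openwall.com/lists/oss-security/`` so the page is fetched over TLS and the document's own link style stays consistent.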
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index 225ee3a..e8b9098 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -10,6 +10,7 @@
Botan
Brainpool
Capitan
+changelog
Changelog
ciphertext
codebook