From 6fb761628a11724b53c5497991437d7e25bd3be4 Mon Sep 17 00:00:00 2001 From: Allie Crevier Date: Mon, 22 Jun 2020 08:48:51 -0700 Subject: [PATCH 1/2] update pre-release docs --- docs/development/release_management.rst | 34 ++++++++++++++++++++----- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/docs/development/release_management.rst b/docs/development/release_management.rst index 94c54de22a..a7700ef386 100644 --- a/docs/development/release_management.rst +++ b/docs/development/release_management.rst 
@@ -14,14 +14,34 @@ Pre-Release 1. Open a **Release SecureDrop 1.x.y** issue to track release-related activity. Keep this issue updated as you proceed through the release process for transparency. -#. Check if there is a new stable release of Tor that can be QAed and released - as part of the SecureDrop release. If so, file an issue. -#. Check if a release candidate for the Tails release is prepared. If so, request + +#. Check if there is a new stable release of Tor that can be QAed and released as part of the + SecureDrop release. You can find stable releases by checking the `Tor blog + `_. If we can upgrade, file an issue + and upgrade Tor following these steps: + + a. Bump the version in `fetch-tor-packages + `_ and open a PR. + + b. Run ``make fetch-tor-packages`` to download the new debs (this will use Secure apt under + the hood to verify the Release file and package), copy the downloaded packages into the + ``securedrop-dev-packages-lfs`` repo, and open a PR so that a reviewer can verify that + the checksums match the checksums of the packages hosted on the `Tor apt + repo `_. Once the PR is merged, the + packages will be resigned with our own Release key, replacing Tor's, and hosted on + ``apt-test.freedom.press``. + +#. Check if a new release or release candidate for Tails has been added to the `Tails apt repo + `_. If so, request people participating in QA to use the latest release candidate. -#. Ensure that a pre-release announcement is prepared and shared with the community - for feedback. Once the announcement is ready, coordinate with other team members to - send them to current administrators, post on the SecureDrop blog, and tweet - out a link. + +#. Work with the Communications Manager assigned for the release to prepare a pre-release + announcement that will be shared on the support.freedom.press support portal, securedrop.org + website, and Twitter. 
Wait until the day of the release before including an announcmement for a + SecureDrop security update. For a point release, you may be able to skip the pre-release + announcement depending on how small the point release is. + #. For a regular release for version 1.x.0, branch off ``develop``:: git checkout develop From 85cfd2171043077a10619e2dd9ad72aa33d2b5ac Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 22 Jun 2020 10:15:10 -0700 Subject: [PATCH 2/2] Docs: breaks out tor pre-release tasks We already had a sublist of tasks, so let's be more explicit. --- docs/development/release_management.rst | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/development/release_management.rst b/docs/development/release_management.rst index a7700ef386..bb0292fa6c 100644 --- a/docs/development/release_management.rst +++ b/docs/development/release_management.rst 
@@ -24,13 +24,16 @@ Pre-Release `_ and open a PR. - b. Run ``make fetch-tor-packages`` to download the new debs (this will use Secure apt under - the hood to verify the Release file and package), copy the downloaded packages into the - ``securedrop-dev-packages-lfs`` repo, and open a PR so that a reviewer can verify that - the checksums match the checksums of the packages hosted on the `Tor apt - repo `_. Once the PR is merged, the - packages will be resigned with our own Release key, replacing Tor's, and hosted on - ``apt-test.freedom.press``. + b. Run ``make fetch-tor-packages`` to download the new debs. The script uses + apt under the hood, so the Release file on the tor packages is verified according + to Tor's signature, ensuring package integrity. + + c. Copy the downloaded packages into the ``securedrop-dev-packages-lfs`` repo, + and open a PR so that a reviewer can verify that the checksums match the checksums + of the packages hosted on the + `Tor apt repo `_. Once the PR is merged, the + packages will be resigned with our an FPF-managed test-only signing key, replacing the Tor + signature, and served from ``apt-test.freedom.press``. #. Check if a new release or release candidate for Tails has been added to the `Tails apt repo `_. If so, request
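Review bot: In PATCH 1/2, the added pre-release announcement step misspells "announcement" as "announcmement" in the sentence about SecureDrop security updates. In the same hunk, the Tails step now checks for "a new release or release candidate" but still asks QA participants "to use the latest release candidate", so the request should cover both cases, for example "to use the latest release or release candidate".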
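Review bot: In PATCH 2/2, new step c reads "will be resigned with our an FPF-managed test-only signing key"; drop the leftover "our", and prefer "re-signed" so it is not read as "resigned". In step b, "the Release file on the tor packages is verified according to Tor's signature" is looser than the sentence it replaces, which said both the Release file and the package are verified. Consider stating that apt verifies Tor's signature on the Release file and checks the downloaded packages against the hashes chained from it, and capitalise "Tor" consistently.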