diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index f6c63bcad3c..3f9735a5967 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -341,9 +341,10 @@ Now you're ready to actually put the release out there. To do this: database (this will automatically flip it to ``False`` for all others); you can do this using the site's admin. -#. Post the release announcement to the |django-announce|, - |django-developers|, and |django-users| mailing lists. This should - include links to the announcement blog post. +#. Post the release announcement to the |django-announce|, |django-developers|, + and |django-users| mailing lists. This should include a link to the + announcement blog post. If this is a security release, also include + oss-security@lists.openwall.com. Post-release ============ diff --git a/docs/internals/security.txt b/docs/internals/security.txt index b4207ab9516..f90f923f146 100644 --- a/docs/internals/security.txt +++ b/docs/internals/security.txt @@ -112,8 +112,8 @@ On the day of disclosure, we will take the following steps: relevant patches and new releases, and crediting the reporter of the issue (if the reporter wishes to be publicly identified). -4. Post a notice to the |django-announce| mailing list that links to the blog - post. +4. Post a notice to the |django-announce| and oss-security@lists.openwall.com + mailing lists that links to the blog post. .. _the Python Package Index: https://pypi.python.org/pypi .. _the official Django development blog: https://www.djangoproject.com/weblog/