From 15cf933aa9990c67def757866f5ba4b94ae023a7 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Thu, 7 Aug 2025 21:10:49 +0000
Subject: [PATCH] Add brief doc section on release signing

Some people may happen across the security site expecting it to
contain documentation about cryptographic signatures for release
artifacts. Add a very brief paragraph to direct them to where these
are actually documented on the releases site.

Change-Id: Iaa3771ee21410e04f56d9d539d3f91423878514a
Signed-off-by: Jeremy Stanley <fungi@yuggoth.org>
Closes-Bug: #2119982
---
 doc/source/index.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 08919d8..fa364dd 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -101,6 +101,16 @@ point for anyone looking to securely deploy OpenStack.
 Read `the guide <http://docs.openstack.org/sec/>`_ online today.
 
 
+Release Artifact Signatures
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Deliverable artifacts for OpenStack releases, primarily Git tags and Python
+package files (``.tar.gz`` sdists and ``.whl`` wheels), are signed by our
+release automation. You can find more details in `the Cryptographic Signatures
+section of the OpenStack Releases site
+<https://releases.openstack.org/#cryptographic-signatures>`_.
+
+
 Security information for OpenStack developers
 ---------------------------------------------