Add brief doc section on release signing

Some people may happen across the security site expecting it to contain documentation about cryptographic signatures for release artifacts. Add a very brief paragraph to direct them to where these are actually documented on the releases site. Change-Id: Iaa3771ee21410e04f56d9d539d3f91423878514a Signed-off-by: Jeremy Stanley <fungi@yuggoth.org> Closes-Bug: #2119982
2025-08-07 21:10:49 +00:00
parent 5ca6d61985
commit 15cf933aa9
1 changed files with 10 additions and 0 deletions
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -101,6 +101,16 @@ point for anyone looking to securely deploy OpenStack.
 Read `the guide <http://docs.openstack.org/sec/>`_ online today.


+Release Artifact Signatures
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Deliverable artifacts for OpenStack releases, primarily Git tags and Python
+package files (``.tar.gz`` sdists and ``.whl`` wheels), are signed by our
+release automation. You can find more details in `the Cryptographic Signatures
+section of the OpenStack Releases site
+<https://releases.openstack.org/#cryptographic-signatures>`_.
+
+
 Security information for OpenStack developers
 ---------------------------------------------