document use of 'audit' target when releasing

This commit is contained in:
Lance Vick 2020-07-27 11:23:26 -07:00
parent 9d5ee9fc7e
commit db3ade30d4
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
1 changed files with 8 additions and 2 deletions

View File

@ -85,13 +85,19 @@ internet with high integrity on the supply chain of the firmware and OS used.
## Release ## ## Release ##
1. Verify then make detached signature of given release build with: 1. Audit dependencies to ensure no relevant CVEs are open at the moment:
```
make audit
```
2. Verify and add detached signature to given release with:
``` ```
make VERSION=1.0.0rc1 verify sign make VERSION=1.0.0rc1 verify sign
``` ```
2. Commit signatures. 3. Commit signatures.
## Development ## ## Development ##