Merge pull request #1237 from lightninglabs/release-timestamp

Update release notes template re timestamps
lightninglabs · Dec 10, 2024 · ec84760 · ec84760
2 parents fde6732 + 894431a
commit ec84760
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -29,7 +29,7 @@ jobs:
         run: |
           expected_tag=$(./scripts/get-git-tag-name.sh version.go)
           actual_tag=${{ env.RELEASE_VERSION }}
-          
+
           if [ "$actual_tag" = "$expected_tag" ]; then
             echo "Git tag release string is as expected."
           else
@@ -87,14 +87,17 @@ jobs:
 
             ## Verifying the Release Timestamp 
 
-            From this new version onwards, in addition time-stamping the _git tag_ with [OpenTimestamps](https://opentimestamps.org/), we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: ` manifest-roasbeef-${{ env.RELEASE_VERSION }}.txt.asc.ots`.
+            In addition to time-stamping the _git tag_ with [OpenTimestamps](https://opentimestamps.org/), we also timestamp the manifest file along with its signature. Two files are included in our release artifacts: `manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig.ots` and `manifest-${{ env.RELEASE_VERSION }}.txt.ots`.
 
             Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands: 
             ```
             ots verify manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig.ots -f manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig
+            ots verify manifest-${{ env.RELEASE_VERSION }}.txt.ots -f manifest-${{ env.RELEASE_VERSION }}.txt
             ```
 
-            Alternatively, [the OpenTimestamps website](https://opentimestamps.org/) can be used to verify timestamps if one doesn't have a `bitcoind` instance accessible locally.
+            Alternatively, [the OpenTimestamps website](https://opentimestamps.org/) can be used to verify these timestamps if one doesn't have a `bitcoind` instance accessible locally.
+
+            Assuming you are using the [OpenTimestamps `ots-git-gpg-wrapper`](https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md#usage) you can verify the timestamp of the _git tag_ by  verifying the tag as explained in _Verifying the Release Binaries_.
 
             These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.