From 9a70c3b8435a5260990e8a6b0020a2ced9e9ef5f Mon Sep 17 00:00:00 2001
From: Michael Dawson <mdawson@devrus.com>
Date: Thu, 24 Mar 2022 10:31:29 -0400
Subject: [PATCH] doc: add suggestion for OpenSSL only sec releases
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: https://github.com/nodejs/TSC/issues/1187

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: https://github.com/nodejs/node/pull/42456
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
---
 doc/contributing/security-release-process.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md
index 6aee4655ad75b8..1fe257181b6fb8 100644
--- a/doc/contributing/security-release-process.md
+++ b/doc/contributing/security-release-process.md
@@ -74,6 +74,17 @@ The current security stewards are documented in the main Node.js
   (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to
   nodejs/nodejs.org)
 
+  If the security release will only contain an OpenSSL update consider
+  adding the following to the pre-release announcement:
+
+  ```text
+  Since this security release will only include updates for OpenSSL, if you're using
+  a Node.js version which is part of a distribution which uses a system
+  installed OpenSSL, this Node.js security update might not concern you. You may
+  instead need to update your system OpenSSL libraries, please check the
+  security announcements for the distribution.
+  ```
+
 * [ ] Pre-release announcement [email][]: _**LINK TO EMAIL**_
   * Subject: `Node.js security updates for all active release lines, Month Year`
   * Body: