From 4dbe4a010c76ac72d0067a2253a61806bab55733 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 16 Sep 2022 18:32:11 -0300
Subject: [PATCH] doc: mention where to push security commits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/44691
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
---
 doc/contributing/releases.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/doc/contributing/releases.md b/doc/contributing/releases.md
index 8ca866cb595c9f..76a4cdd5fb16a1 100644
--- a/doc/contributing/releases.md
+++ b/doc/contributing/releases.md
@@ -263,6 +263,19 @@ branch.
 $ git checkout -b v1.2.3-proposal upstream/v1.x-staging
 ```
 
+<details>
+<summary>Security release</summary>
+
+When performing Security Releases, the `vN.x.x-proposal` branch should be
+branched off of `vN.x`.
+
+```console
+$ git checkout -b v1.2.3-proposal upstream/v1.x
+git cherry-pick  ...  # cherry-pick nodejs-private PR commits directly into the proposal
+```
+
+</details>
+
 ### 3. Update `src/node_version.h`
 
 Set the version for the proposed release using the following macros, which are
@@ -458,6 +471,9 @@ Notable changes:
 PR-URL: TBD
 ```
 
+**Note**: Ensure to push the proposal branch to the nodejs-private repository.
+Otherwise, you will leak the commits before the security release.
+
 </details>
 
 ### 6. Propose release on GitHub