1 files changed, 14 insertions, 7 deletions

diff --git a/RELEASING_RAILS.rdoc b/RELEASING_RAILS.rdoc
index 4a9a875bfa..cbc9d0e1de 100644
--- a/RELEASING_RAILS.rdoc
+++ b/RELEASING_RAILS.rdoc
@@ -145,18 +145,25 @@ commits should be added to the release branch besides regression fixing commits.
 Many of these steps are the same as for the release candidate, so if you need
 more explanation on a particular step, so the RC steps.
 
-=== Email the rails security announce list, once for each vulnerability fixed.
-
-You can do this, or ask the security team to do it.
-
-FIXME: I can't remember the email addresses, but we should list them here.
-FIXME: Possibly we should do this the day of the RC?
+Today, do this stuff in this order:
 
 * Apply security patches to the release branch
 * Update CHANGELOG with security fixes.
 * Update RAILS_VERSION to remove the rc
 * Release the gems
-* Email announcement
+* Email security lists
+* Email general announcement lists
+
+=== Emailing the rails security announce list
+
+Email the security announce list once for each vulnerability fixed.
+
+You can do this, or ask the security team to do it.
+
+Email the security reports to:
+
+* rubyonrails-security@googlegroups.com
+* linux-distros@vs.openwall.org
 
 Be sure to note the security fixes in your announcement along with CVE numbers
 and links to each patch.  Some people may not be able to upgrade right away,