* Bump the version of Tor Messenger in [https://gitweb.torproject.org/tor-messenger-build.git/tree/rbm.conf rbm.conf]
* Ensure the HEAD on the build machines matches the master of the [https://gitweb.torproject.org/tor-messenger-build.git/ tor-messenger-build] repository.
* Run `make tor-messenger-release`. The builds will be in release/$VERSION directory, along with the sha256sums.txt file.
* Compare the Linux build hashes (reproducible) with one other person, preferably building on a different machine.
* Test builds on all platforms:
- Create at least one XMPP account and make sure in-band works and the account connects.
- Initiate an OTR conversation with another instance. Verify the various authentication mechanisms.
- Check "Error Console" for errors, warnings or messages and try to fix them.
* Sign the sha256sums.txt file (gpg -abs). Currently the builds are signed with the `0xB297B391` key.
* Note about add-ons update: add-ons will only be updated if the version in install.rdf has changed. So for example for ctypes-otr, make sure if there are changes to be updated that the version number is bumped.
* Tag the release (git tag -s v$VERSION -m 'version $VERSION'). Before pushing tag, make sure HEAD adds the date to the changelog and is not some other commit. Push tag to git.torproject.org.
* Upload the signed builds to https://dist.torproject.org/tormessenger/
* Upload the builds to virustotal.com so that they have time to calm down with false positive reports. (See #17454)
* Increment the version number and update the links on https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger