From ca9b44d69232790918cd941296daf4db72a434f1 Mon Sep 17 00:00:00 2001 From: Kenneth Knowles Date: Mon, 25 Sep 2023 11:03:12 -0400 Subject: [PATCH] Move instructions for upgrading Go version to release guide --- contributor-docs/release-guide.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/contributor-docs/release-guide.md b/contributor-docs/release-guide.md index d0a88db7a7a5..8ba561d3dfe1 100644 --- a/contributor-docs/release-guide.md +++ b/contributor-docs/release-guide.md @@ -240,10 +240,14 @@ related to the update have time to surface. #### Update Go version used for container builds -Tracked in Github issue https://github.com/apache/beam/issues/27897 +Go makes security patch releases of their tooling. Ideally, we upgrade as soon +as possible, but it is also good to ensure we are up to date for each release. -Ideally, do the update at least a week before the release cut, so that any issues -related to the update have time to surface. +This potentially affects container bootloader security, and at the least can cause +false positives when an default-configuration scanner is pointed at our containers. + + - [ ] See if https://go.dev/doc/devel/release has a newer release. Update throughout + Beam. See example at https://github.com/apache/beam/pull/27900/files #### Update the Java BOM
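Review bot: The new checklist item at the end of the hunk says "Update throughout Beam" but does not name the places where the Go version is pinned, so the release manager has to reconstruct that list from the example PR. Consider listing those locations, or a search to find them, in the guide itself, since a missed location would leave part of the build on the older Go release. The hunk also removes the "at least a week before the release cut" timing guidance for this step without a replacement, so it would help to say when in the release cycle the check should be done. Minor: "an default-configuration scanner" should read "a default-configuration scanner".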