+ unless item[:release].nil?
+ obtaining += "\n" + <<~EOF
+ [targz]: #{distbase}/#{targz}
+ [targzsig]: #{distbase}/#{targz}.sig
+
+ The most recent release is version #{newsver}, released on
+ #{date.getutc.strftime("%Y-%m-%d")}. Source code for this version
+ is available in [#{targz}][targz] ([signature][targzsig]).
+ Noteworthy changes in this release:
+ EOF
+ obtaining += "\n"
+ news.each_line do |line|
+ break if line =~ /^[^[:space:]]/
+ obtaining += line.lstrip
+ end
+
+ obtaining += "\n\n" + <<~EOF
+ [gpg]: https://gnupg.org/
+
+ Use the signature file to verify that the corresponding source
+ bundle is intact. After downloading both files, if [GnuPG][gpg]
+ is installed, the signature can be verified with a command like:
+
+ <kbd>gpg --verify #{targz}.sig</kbd>
+
+ If the verification fails because you don't have the required
+ public key, that key can be imported with a command such as:
+
+ <kbd>gpg --keyserver keys.gnupg.net --recv-keys 5B45D3D185B8E1F6</kbd>
+
+ Then run the verify command again.
+ EOF
+ end
+
+ return "#{intro}\n\n#{obtaining}\n\n#{contents}"