diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 54cea59..36f478e 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -4,8 +4,8 @@
 #
 # Requires: Gitea Actions enabled with a runner that has Go, make, curl, and jq
 # (the actions/checkout + actions/setup-go steps need the instance's Actions proxy).
-# This workflow has not been exercised against this repo's runners yet; if a step
-# is unavailable on your runner, the same result comes from `make release && make
+# Verified: this workflow published v0.4.0 on this instance. If a step is ever
+# unavailable on your runner, the same result comes from `make release && make
 # publish` locally (see RELEASING.md).
 name: release
 on:
diff --git a/RELEASING.md b/RELEASING.md
index 72b32d4..1a48e82 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -39,8 +39,12 @@ git push origin v0.4.0     # (push via the tokenized HTTPS URL this repo uses)
 ```
 
 The workflow runs `make release` and uploads the assets to the release via the Gitea API. It needs
-Gitea Actions enabled with a runner that provides Go, make, curl, and jq. It hasn't been exercised
-against this repo's runners yet — if it doesn't fit your runner setup, fall back to Option A.
+Gitea Actions enabled with a runner that provides Go, make, curl, and jq. This is how v0.4.0 was
+published. If it ever doesn't fit your runner setup, fall back to Option A.
+
+> Note: release asset downloads are anonymous, so the repository (or at least its releases) must be
+> public for `skills/emcli/scripts/install.sh` to fetch binaries without a token. A private repo
+> returns 404 to unauthenticated downloads.
 
 ## After a release