diff --git a/TILE_AUTHOR_GUIDE.md b/TILE_AUTHOR_GUIDE.md
index 93dd0a834..69d1a31e2 100644
--- a/TILE_AUTHOR_GUIDE.md
+++ b/TILE_AUTHOR_GUIDE.md
@@ -268,17 +268,21 @@ kiln fetch --variable="github_token=${GITHUB_TOKEN}"
 
 Kiln can fetch and upload releases to/from Build Artifactory.
 
-_TODO_
+_TODO: write this section._
 
 #### <a id='release-source-s3'></a> AWS S3
 
 Kiln can fetch and upload releases to/from AWS S3.
 
-_TODO_
+_TODO: write this section._
 
-#### <a id='release-source-directory'></a> Local files
+#### <a id='release-source-directory'></a> Local tarballs
 
-_TODO_
+`kiln bake` adds the BOSH release tarballs in the releases directory to the tile reguardless of if they match the Kilnfile.lock
+(There may be a regression in this behavior but that change may be fixed/reverted.)
+Building a tile with arbitrary releases in the tarball is not secure; this behavior should only be used for development not for building production tiles.
+
+_TODO: test out this behavior (a slack comment mentioned it is not working)._
 
 #### Default credentials file
 
@@ -286,14 +290,14 @@ You can add a default credentials file to `~/.kiln/credentials.yml` so you don't
 Don't do this with production creds but if you have credentials you can safely write to your disk, consider using this functionality.
 The file can look like this
 ```yaml
-# GitHub release sources credentials
+# GitHub BOSH release tarball release sources credentials
 github_token: some-token
 
-# S3 release source credentials
+# S3 release BOSH release tarball source credentials
 aws_secret_access_key: some-key
 aws_access_key_id: some-id
 
-# Artifactory release source credentials
+# Artifactory BOSH release tarball release source credentials
 artifactory_username: some-username
 artifactory_password: some-password
 ```