diff --git a/4130.trivial b/4130.trivial
new file mode 100644
index 00000000..e69de29b
diff --git a/RELEASING.md b/RELEASING.md
index 379fd975..752384fb 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -31,6 +31,15 @@ You can begin by reviewing vendored dependencies which can be found in `pipenv/v
 Next you can consult `pipenv/patched/patched.txt` which enumerates the patched dependencies. Follow the same process, but be aware that you will need to rewrite patches for each dependency once you update (most likely) as they do tend to change somewhat substantially.
 
 
+### Update Safety
+
+Pipenv also includes a vendored copy of `safety` for checking for vulnerabilities against the `pyup.io` database. In order to update the `safety` package, run the following:
+
+```console
+$ inv vendoring.update-safety
+```
+
+
 ### Updating patches
 
 For larger libraries you can keep local clones of them and simply generate full patch sets in which you replace the updated path in pipenv when you are done making changes.  Here is an example of a script used from inside a local clone of `pip` to generate a patch and copy it to pipenv's local patches directory.
@@ -74,12 +83,18 @@ $ pipenv run inv vendoring.update
 
 This will automatically remove the `./pipenv/vendor/` and `./pipenv/patched/` directories and re-download and patch the specified dependencies. It will also attempt to download any relevant licenses. Once this is completed, run `git status` and inspect the output -- look through the `git diff` for anything that may cause breakages. If any licenses have been deleted, you will need to determine why they were not replaced by the license download tooling.
 
+## Review Vendored Licenses
+
+
 Make sure to read through any modified license files for changes -- note that we cannot redistribute code that is licensed under a [copyleft](https://en.wikipedia.org/wiki/Copyleft) license, such as the [GPL](https://en.wikipedia.org/wiki/GPL). Similarly, all vendored code **must** be licensed or it cannot be redistributed. If vendored libraries have become unlicensed or are no longer usable, suitable replacements will have to be found and potentially patched into the vendored dependencies. This may be a good time to consider simply including the dependency as an install requirement.
 
+### TODO
+Look into using a tool like https://fossa.com/ to help with this.
+
 
 ## Update Pipfile.lock
 
-Now we will need to update the lockfile. You will need to run the following:
+Now we will need to update the lockfile. This is required to ensure tests run against the latest versions of libraries. You will need to run the following:
 
 ```bash
 # use the latest python here
@@ -144,10 +159,14 @@ If in doubt, follow the basic instructions below.
 3. Get credentials to co-maintain the pipenv project on PyPI.org -- **SPOF alert**
 4. Set the version number to [a pre-release identifier](https://www.python.org/dev/peps/pep-0440/#pre-release-separators)
 5. Package and upload pipenv [to PyPI](https://pypi.org/project/pipenv/#history) as a pre-release/alpha
-6. Publicize on distutils-sig, pypa-dev, and the relevant GitHub issue(s)
-7. Wait a week, then update version number to a canonical release and re-release on PyPI.org
+6. Publicize on distutils-sig, [Discourse](https://discuss.python.org/c/packaging), and the relevant GitHub issue(s)
+    a. write up diplomatic notification
+7. Recruit manual testing ([example](https://pad.sfconservancy.org/p/help-test-pipenv-2020-03-26)) for workflows we don't account for
+8. Wait a week, then update version number to a canonical release and re-release on PyPI.org
+10. Publicize on lists, Discourse, GitHub issues
+
 
 
 ## Looking ahead
 
-Most of the pipenv related ecosystem libraries are using [github actions](https://github.com/sarugaku/vistir/blob/master/.github/workflows/pypi_upload.yml) to automate releases when tags are pushed. Most likely we will look to move in this direction and simplify the process.
+Most of the pipenv related ecosystem libraries are using [GitHub actions](https://github.com/sarugaku/vistir/blob/master/.github/workflows/pypi_upload.yml) to automate releases when tags are pushed. Most likely we will look to move in this direction and simplify the process.
diff --git a/news/4278.bugfix.rst b/news/4278.bugfix.rst
new file mode 100644
index 00000000..21396490
--- /dev/null
+++ b/news/4278.bugfix.rst
@@ -0,0 +1 @@
+Fix a bug that caused non-specific versions to be pinned in ``Pipfile.lock``.
diff --git a/news/4279.trivial.rst b/news/4279.trivial.rst
new file mode 100644
index 00000000..3d57e01a
--- /dev/null
+++ b/news/4279.trivial.rst
@@ -0,0 +1,2 @@
+Remove expection of ``version`` key in ``test_ssh_vcs_install`` to prevent it
+from failing.
diff --git a/pipenv/__version__.py b/pipenv/__version__.py
index 24299f3f..6fa30498 100644
--- a/pipenv/__version__.py
+++ b/pipenv/__version__.py
@@ -2,4 +2,4 @@
 #   //   ) ) / / //   ) ) //___) ) //   ) ) ||  / /
 #  //___/ / / / //___/ / //       //   / /  || / /
 # //       / / //       ((____   //   / /   ||/ /
-__version__ = "2020.5.28"
+__version__ = "2020.5.28.dev0"
diff --git a/pipenv/utils.py b/pipenv/utils.py
index d008e761..ce1354cd 100644
--- a/pipenv/utils.py
+++ b/pipenv/utils.py
@@ -1191,7 +1191,7 @@ def get_locked_dep(dep, pipfile_section, prefer_pipfile=True):
     lockfile_name, lockfile_dict = lockfile_entry.copy().popitem()
     lockfile_version = lockfile_dict.get("version", "")
     # Keep pins from the lockfile
-    if prefer_pipfile and lockfile_version != version and version.startswith("=="):
+    if prefer_pipfile and lockfile_version != version and version.startswith("==") and "*" not in version:
         lockfile_dict["version"] = version
     lockfile_entry[lockfile_name] = lockfile_dict
     return lockfile_entry
diff --git a/tests/integration/test_install_uri.py b/tests/integration/test_install_uri.py
index 2300ec82..534cc5e9 100644
--- a/tests/integration/test_install_uri.py
+++ b/tests/integration/test_install_uri.py
@@ -59,7 +59,6 @@ def test_ssh_vcs_install(PipenvInstance):
         assert p.lockfile["default"]["six"] == {
             "git": "ssh://git@github.com/benjaminp/six.git",
             "ref": "15e31431af97e5e64b80af0a3f598d382bcdd49a",
-            "version": "==1.11.0"
         }
 
 
diff --git a/tests/integration/test_lock.py b/tests/integration/test_lock.py
index 672fbedf..48232e60 100644
--- a/tests/integration/test_lock.py
+++ b/tests/integration/test_lock.py
@@ -748,3 +748,16 @@ def test_lock_nested_vcs_direct_url(PipenvInstance):
         assert "git" in p.lockfile["default"]["sibling-package"]
         assert "subdirectory" in p.lockfile["default"]["sibling-package"]
         assert "version" not in p.lockfile["default"]["sibling-package"]
+
+
+@pytest.mark.lock
+@pytest.mark.install
+def test_lock_package_with_wildcard_version(PipenvInstance):
+    with PipenvInstance(chdir=True) as p:
+        c = p.pipenv("install 'six==1.11.*'")
+        assert c.ok
+        assert "six" in p.pipfile["packages"]
+        assert p.pipfile["packages"]["six"] == "==1.11.*"
+        assert "six" in p.lockfile["default"]
+        assert "version" in p.lockfile["default"]["six"]
+        assert p.lockfile["default"]["six"]["version"] == "==1.11.0"