From bc007ca5f36861b603f2850f0a77a6ed5dcc1f98 Mon Sep 17 00:00:00 2001 From: David Runge Date: Mon, 29 Mar 2021 21:27:44 +0200 Subject: Add releases section with PGP information README.rst: Add a "Releases" section that specifies who is creating releases and which PGP key ID is used to sign tags. Additionally, information about how to retrieve the relevant public key and how to verify a tag in the repository is added. Fixes #114 --- README.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.rst b/README.rst index 00e79e1..cdbe827 100644 --- a/README.rst +++ b/README.rst @@ -148,6 +148,26 @@ Discussion around archiso takes place on the `arch-releng mailing list All past and present authors of archiso are listed in `AUTHORS `_. +Releases +======== + +`Releases of archiso `_ are created by its current maintainer +`David Runge `_. Tags are signed using the PGP key with the ID +`C7E7849466FE2358343588377258734B41C31549`. + +To verify a tag, first import the relevant PGP key: + + .. code:: bash + + gpg --auto-key-locate wkd --search-keys dvzrv@archlinux.org + + +Afterwards a tag can be verified from a clone of this repository: + + .. code:: bash + + git verify-tag + License ======= -- cgit v1.2.3-70-g09d2