Add releases section with PGP information

README.rst: Add a "Releases" section that specifies who is creating releases and which PGP key ID is used to sign tags. Additionally, information about how to retrieve the relevant public key and how to verify a tag in the repository is added. Fixes #114
2021-03-29 21:27:44 +02:00 · 2021-03-29 21:27:44 +02:00 · bc007ca5f3
commit bc007ca5f3
parent d178183c2e
1 changed files with 20 additions and 0 deletions
--- a/README.rst
+++ b/README.rst
@ -148,6 +148,26 @@ Discussion around archiso takes place on the `arch-releng mailing list

 All past and present authors of archiso are listed in `AUTHORS <AUTHORS.rst>`_.

+Releases
+========
+
+`Releases of archiso <https://gitlab.archlinux.org/archlinux/archiso/-/tags>`_ are created by its current maintainer
+`David Runge <https://gitlab.archlinux.org/dvzrv>`_. Tags are signed using the PGP key with the ID
+`C7E7849466FE2358343588377258734B41C31549`.
+
+To verify a tag, first import the relevant PGP key:
+
+  .. code:: bash
+
+    gpg --auto-key-locate wkd --search-keys dvzrv@archlinux.org
+
+
+Afterwards a tag can be verified from a clone of this repository:
+
+  .. code:: bash
+
+    git verify-tag <tag>
+
 License
 =======