From bc007ca5f36861b603f2850f0a77a6ed5dcc1f98 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 29 Mar 2021 21:27:44 +0200
Subject: Add releases section with PGP information

README.rst:
Add a "Releases" section that specifies who is creating releases and which PGP key ID is used to sign tags.
Additionally, information about how to retrieve the relevant public key and how to verify a tag in the repository is
added.

Fixes #114
---
 README.rst | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'README.rst')

diff --git a/README.rst b/README.rst
index 00e79e1..cdbe827 100644
--- a/README.rst
+++ b/README.rst
@@ -148,6 +148,26 @@ Discussion around archiso takes place on the `arch-releng mailing list
 
 All past and present authors of archiso are listed in `AUTHORS <AUTHORS.rst>`_.
 
+Releases
+========
+
+`Releases of archiso <https://gitlab.archlinux.org/archlinux/archiso/-/tags>`_ are created by its current maintainer
+`David Runge <https://gitlab.archlinux.org/dvzrv>`_. Tags are signed using the PGP key with the ID
+`C7E7849466FE2358343588377258734B41C31549`.
+
+To verify a tag, first import the relevant PGP key:
+
+  .. code:: bash
+
+    gpg --auto-key-locate wkd --search-keys dvzrv@archlinux.org
+
+
+Afterwards a tag can be verified from a clone of this repository:
+
+  .. code:: bash
+
+    git verify-tag <tag>
+
 License
 =======
 
-- 
cgit v1.2.3-54-g00ecf