add release signing key / security contact to README, fixes #1560

author: Thomas Waldmann <tw@waldmann-edv.de> 2016-09-03 18:41:27 +0200
committer: Thomas Waldmann <tw@waldmann-edv.de> 2016-09-03 19:23:40 +0200
commit: 2e1cf17dd5ba5a99185a7a9285bb90a29bb3523f (patch)
tree: 6ee70dd6f49257cfebc2a6a8af7b38948d1f32cb /README.rst
parent: a6620f020e8df7d7a79bb0814d5d26771521f775 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/README.rst b/README.rst
index f6132773e..9b5451c61 100644
--- a/README.rst
+++ b/README.rst
@@ -114,6 +114,22 @@ Now doing another backup, just to show off the great deduplication:
 
 For a graphical frontend refer to our complementary project `BorgWeb <https://borgweb.readthedocs.io/>`_.
 
+Checking Release Authenticity and Security Contact
+==================================================
+
+`Releases <https://github.com/borgbackup/borg/releases>`_ are signed with this GPG key,
+please use GPG to verify their authenticity.
+
+In case you discover a security issue, please use this contact for reporting it privately
+and please, if possible, use encrypted E-Mail:
+
+Thomas Waldmann <tw@waldmann-edv.de>
+
+GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747  B70F 9F88 FB52 FAF7 B393
+
+The public key can be fetched from any GPG keyserver, but be careful: you must
+use the **full fingerprint** to check that you got the correct key.
+
 Links
 =====
author	Thomas Waldmann <tw@waldmann-edv.de>	2016-09-03 18:41:27 +0200
committer	Thomas Waldmann <tw@waldmann-edv.de>	2016-09-03 19:23:40 +0200
commit	2e1cf17dd5ba5a99185a7a9285bb90a29bb3523f (patch)
tree	6ee70dd6f49257cfebc2a6a8af7b38948d1f32cb /README.rst
parent	a6620f020e8df7d7a79bb0814d5d26771521f775 (diff)