From: Jiri Denemark <jdenemar@redhat.com>
Date: Wed, 14 Oct 2020 11:24:29 +0000 (+0200)
Subject: docs: Mention GPG key used for signing releases
X-Git-Tag: v6.9.0-rc1~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb6c2fa4ed0af096a7779827803c141306a8105a;p=thirdparty%2Flibvirt.git

docs: Mention GPG key used for signing releases

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---

diff --git a/docs/downloads.html.in b/docs/downloads.html.in
index 43366b3694..aa0bb23d45 100644
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -493,6 +493,20 @@
       <li><a href="https://libvirt.org/sources/">libvirt.org HTTPS server</a></li>
     </ul>
 
+    <h2><a id="keys">Signing keys</a></h2>
+
+    <p>
+      Source RPM packages and tarballs for libvirt and libvirt-python published
+      on this project site are signed with a GPG signature. You should always
+      verify the package signature before using the source to compile binary
+      packages. The following key is currently used to generate the GPG
+      signatures:
+    </p>
+    <pre>
+pub  4096R/10084C9C 2020-07-20 Jiří Denemark &lt;jdenemar@redhat.com&gt;
+Fingerprint=453B 6531 0595 5628 5547  1199 CA68 BE80 1008 4C9C
+</pre>
+
     <h2><a id="schedule">Primary release schedule</a></h2>
 
     <p>