From c0e4c8611eae9f662163669522f78bdafe74aed3 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <pehjota>
Date: Wed, 13 Jan 2021 00:52:34 -0500
Subject: doc/install/prokit: Git commits are signed

---
(limited to 'doc/install')

diff --git a/doc/install/prokit.mdwn b/doc/install/prokit.mdwn
index 05043e8..828075c 100644
--- a/doc/install/prokit.mdwn
+++ b/doc/install/prokit.mdwn
@@ -50,12 +50,33 @@ Adjust where necessary if you don't use **sudo**(8).
 Downloading the ProteanOS Development Kit
 =========================================
 
+prokit release archives since version 1.1.0 and Git commits since
+2.0.1-55-g545e082 are signed with the maintainer's OpenPGP 4096-bit RSA key.
+Import the key from a key server (available on the SKS network and on
+keys.openpgp.org).  Finding a signature path from trusted keys in your keyring
+to this key is recommended if possible.
+
+    $ gpg --recv-keys 0x225031F047FFE51663ED516F1A459ECDE4D604BE
+
 The current released version (2.0.1) of prokit lacks features now used by the
 ProteanOS package archive.  Clone prokit from the [Git repository][prokit-git]:
 
     $ git clone git://git.proteanos.com/prokit/prokit.git
     $ cd prokit/
 
+Check for signatures on the recent commits.  Either run:
+
+    $ git log --show-signature
+
+Or configure Git to always show signatures in the log (requires Git 2.10 or
+later):
+
+    $ git config log.showSignature true
+    $ git log
+
+Either way, look for a `Good signature` made `using RSA key
+225031F047FFE51663ED516F1A459ECDE4D604BE` in at least the top-most commits.
+
 [prokit-git]: http://git.proteanos.com/prokit/prokit.git/
 
 
--
cgit v0.9.1