From 81f6c76431ef52f758207d016f1aa77025e7fce4 Mon Sep 17 00:00:00 2001
From: Daniel Moch <daniel@danielmoch.com>
Date: Wed, 28 Nov 2018 06:57:04 -0500
Subject: [PATCH] Add Releases section to README

---
 README.rst | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/README.rst b/README.rst
index 80c9c45..a79a11e 100644
--- a/README.rst
+++ b/README.rst
@@ -111,6 +111,18 @@ Pull requests are welcome, preferably via emailed output of ``git
 request-pull`` sent to the maintainer (see here_ for more information).
 Bug reports should also be directed to the maintainer via email.
 
+Releases
+--------
+
+Release tags will always be signed with the maintainer's `PGP key`_
+(also available on any public keyserver_).  PGP-signed versions of
+release tarballs and pre-built wheel_ packages are available on PyPI_,
+with the signature files living alongside the corresponding artifact
+(simply append an ``.asc`` extension). Because the maintainers of PyPI
+do not consider PGP signatures to be a user-facing feature, the
+extension must be added manually in your browser's URL bar in order to
+download the signature files.
+
 Acknowledgements
 ----------------
 
@@ -127,3 +139,7 @@ Schauenberg and the notes_db.py module from nvpy_ by Charl P. Botha.
 .. _nvpy: https://github.com/cpbotha/nvpy
 .. _Flit: https://flit.readthedocs.io
 .. _here: https://www.git-scm.com/docs/git-request-pull
+.. _PGP key: https://www.danielmoch.com/static/gpg.asc
+.. _wheel: https://pythonwheels.com/
+.. _PyPI: https://pypi.org/project/nncli/
+.. _keyserver: https://pgp.mit.edu/pks/lookup?op=get&search=0x323C9F1784BDDD43