Merge pull request #543 from vladimir-v-diaz/packaging_info

Add installation and packaging info to README
2026-05-24 10:08:28 +00:00 · 2017-11-29 16:04:37 -05:00 · 2017-11-29 16:04:37 -05:00 · 6e5c4ff234
commit 6e5c4ff234
parent 8eefbfcc56 ba2153c7a5
1 changed files with 23 additions and 0 deletions
--- a/README.rst
+++ b/README.rst
@ -216,6 +216,29 @@ your own new feature.
 Installation
 ------------

+pip is the recommended installer.  The project can be installed either locally
+or from the Python Package Index.  All `TUF releases
+<https://github.com/theupdateframework/tuf/releases>`_ are cryptographically
+signed, with GPG signatures available on both GitHub and `PyPI
+<https://pypi.python.org/pypi/tuf/>`_.
+
+The latest release and its packaging information, such as who signed the
+release and their PGP fingerprint, can also be found on our 1-year `roadmap
+<https://github.com/theupdateframework/tuf/blob/develop/ROADMAP.md>`_.
+
+Assuming you trust the maintainer's PGP key, the detached ASC signature
+can be downloaded and verified.  For example:
+
+::
+
+   $ gpg --verify securesystemslib-0.10.8.tar.gz.asc
+   gpg: assuming signed data in 'securesystemslib-0.10.8.tar.gz'
+   gpg: Signature made Wed Nov  8 15:21:47 2017 EST
+   gpg:                using RSA key 3E87BB339378BC7B3DD0E5B25DEE9B97B0E2289A
+   gpg: Good signature from "Vladimir Diaz (Vlad) <vladimir.v.diaz@gmail.com>" [ultimate]
+
+Installation instructions:
+
 ::

    pip - installing and managing Python packages (recommended)