From ba2153c7a564f9356a423c341f112bd1a223a0b9 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Wed, 29 Nov 2017 16:00:55 -0500 Subject: [PATCH] Add installation and packaging info to README Signed-off-by: Vladimir Diaz --- README.rst | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/README.rst b/README.rst index de0107ec..156ea2da 100644 --- a/README.rst +++ b/README.rst @@ -216,6 +216,29 @@ your own new feature. Installation ------------ +pip is the recommended installer. The project can be installed either locally +or from the Python Package Index. All `TUF releases +`_ are cryptographically +signed, with GPG signatures available on both GitHub and `PyPI +`_. + +The latest release and its packaging information, such as who signed the +release and their PGP fingerprint, can also be found on our 1-year `roadmap +`_. + +Assuming you trust the maintainer's PGP key, the detached ASC signature +can be downloaded and verified. For example: + +:: + + $ gpg --verify securesystemslib-0.10.8.tar.gz.asc + gpg: assuming signed data in 'securesystemslib-0.10.8.tar.gz' + gpg: Signature made Wed Nov 8 15:21:47 2017 EST + gpg: using RSA key 3E87BB339378BC7B3DD0E5B25DEE9B97B0E2289A + gpg: Good signature from "Vladimir Diaz (Vlad) " [ultimate] + +Installation instructions: + :: pip - installing and managing Python packages (recommended)
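Review bot: the first added paragraph says "All `TUF releases" are signed, while the example further down verifies securesystemslib-0.10.8.tar.gz.asc. If this README belongs to securesystemslib, the sentence should name this project's releases. If the reference to TUF is intended, say why the example uses a different package. In the gpg example, the sample output ends with "[ultimate]", which is what the key owner sees on their own keyring. A user who has only imported the key will instead get a "Good signature" followed by a warning that the key is not certified with a trusted signature. I would either show that output or add a sentence telling readers to compare the fingerprint on the "using RSA key" line with the one published on the roadmap, since "Assuming you trust the maintainer's PGP key" gives no way to establish that trust. The text should also state that the release tarball must sit next to the .asc file (the "assuming signed data in" line depends on it) and how the reader obtains the public key before running gpg --verify.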