From faf5977e8b34f23b33a3a57895f1e104ae5aac69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Sat, 4 Apr 2020 15:19:53 +0600 Subject: [PATCH] doc: additional note in README(.md) informing users that they may need to import a key used to sign a release & check whether it is a sub-key of a primary key listed in README(.md) (which itself isn't listed in it)... Additional README.md update Fixes: nodejs#32559 --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c7fe50e2e95278..a382bff37f8b6f 100644 --- a/README.md +++ b/README.md @@ -565,7 +565,9 @@ GPG keys used to sign Node.js releases: * **Shelley Vohr** <shelley.vohr@gmail.com> `B9E2F5981AA6E0CD28160D9FF13993A75599653C` -To import the full set of trusted release keys: +If you encounter a release signed by a key not listed above, please import it +and check whether it is a sub-key of a primary key listed above. You can also +import the full set of trusted release keys: ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C