nodejs · haqer1 · Apr 4, 2020 · Apr 9, 2020 · Oct 28, 2020 · Oct 28, 2020
diff --git a/README.md b/README.md
@@ -565,7 +565,9 @@ GPG keys used to sign Node.js releases:
 * **Shelley Vohr** &lt;shelley.vohr@gmail.com&gt;
 `B9E2F5981AA6E0CD28160D9FF13993A75599653C`
 
-To import the full set of trusted release keys:
+To avoid nuances involved in verification of a sub-key possibly used to sign a
+release, it is advised to import the full set of trusted release keys (rather
+than an individual key used to sign a release):
 
 ```shell
 gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C