You @strong{have to} check downloaded archives integrity and verify
their signature to be sure that you have got trusted, untampered
software. For integrity and authentication of downloaded binaries
-@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
+@url{https://www.gnupg.org/, GNU Privacy Guard} is used. You must
download signature (@file{.sig}) provided with the tarball.
For the very first time you need to import signing public key. It is
@item
@verbatim
-% gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0xF2F59045FFE2F4A1
-% gpg --auto-key-locate dane --locate-keys releases at govpn dot info
-% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
+$ gpg --auto-key-locate dane --locate-keys releases at govpn dot info
+$ gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
@end verbatim
@item
Then you could verify tarballs signature:
@verbatim
-% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+$ gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
@end verbatim