@example
$ [fetch|wget] http://www.goredo.cypherpunks.ru/download/goredo-@value{VERSION}.tar.zst
-$ [fetch|wget] http://www.goredo.cypherpunks.ru/download/goredo-@value{VERSION}.tar.zst.asc
-$ gpg --verify goredo-@value{VERSION}.tar.zst.asc goredo-@value{VERSION}.tar.zst
+$ [fetch|wget] http://www.goredo.cypherpunks.ru/download/goredo-@value{VERSION}.tar.zst.@{asc,sig@}
+[verify signature]
$ zstd -d < goredo-@value{VERSION}.tar.zst | tar xf -
$ cd goredo-@value{VERSION}/src
$ go build -mod=vendor
@end example
@include download.texi
+@include integrity.texi
-You @strong{have to} verify downloaded tarballs integrity and
-authenticity to be sure that you retrieved trusted and untampered
-software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
-for that purpose.
-
-For the very first time it is necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
-@verbatim
-pub ed25519/0x3A528DDE952C7E93 2021-01-09 [SC]
- 7531BB84FAF0BF35960C63B93A528DDE952C7E93
-uid goredo releases <goredo@cypherpunks.ru>
-@end verbatim
-
-@itemize
-
-@item
-@example
-$ gpg --auto-key-locate dane --locate-keys goredo at cypherpunks dot ru
-$ gpg --auto-key-locate wkd --locate-keys goredo at cypherpunks dot ru
-@end example
-
-@item
-@verbatiminclude ../PUBKEY.asc
-
-@end itemize
-
-It is also @command{go install}-able:
+@command{goredo} is also @command{go install}-able:
@example
$ go install go.cypherpunks.ru/goredo