You @strong{have to} check downloaded archives integrity and verify
their signature to be sure that you have got trusted, untampered
software. For integrity and authentication of downloaded binaries
-@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
+@url{https://www.gnupg.org/, GNU Privacy Guard} is used. You must
download signature (@file{.sig}) provided with the tarball.
For the very first time you need to import signing public key. It is
@end itemize
Then you could verify tarballs signature:
-@verbatim
-$ gpg --verify nncp-5.1.0.tar.xz.sig nncp-5.1.0.tar.xz
-@end verbatim
+
+@example
+$ gpg --verify nncp-@value{VERSION}.tar.xz.sig nncp-@value{VERSION}.tar.xz
+@end example