+@itemize
+
+@item Go's default @code{proxy.golang.org} and @code{sum.golang.org}
+services won't be able to verify @code{go.cypherpunks.ru}'s TLS
+authenticity, because there are no common trust anchors. You can skip
+their usage by setting @env{$GOPRIVATE=go.cypherpunks.ru}.
+
+@item You can (temporarily) override CA certificate bundle during installation:
+
+@example
+$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
+$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.asc
+$ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
+$ gpg --auto-key-locate wkd --locate-keys stargrave at gnupg dot net
+$ gpg --verify cert.pem.asc
+$ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem go get \
+ go.cypherpunks.ru/gogost/v5
+@end example
+
+@item You can unpack tarball somewhere and use @code{replace} command in
+your local @file{go.mod}: