@example
$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.zst
-$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.zst.sig
-$ gpg --verify pygost-@value{VERSION}.tar.zst.sig pygost-@value{VERSION}.tar.zst
+$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.zst.@{asc,sig@}
+[verify signature]
$ zstd -d < pygost-@value{VERSION}.tar.zst | tar xf -
$ cd pygost-@value{VERSION}
$ python setup.py install
@end example
@include download.texi
-
-But also you can use pip (@strong{no} OpenPGP authentication is
-performed!) with PyPI:
-
-@example
-$ echo pygost==@value{VERSION} --hash=sha256:430bab3fdb4c2f59d89b5c80293468b3d3f5b713b49157d995b723ff909cf7c8 > requirements.txt
-$ pip install --requirement requirements.txt
-@end example
-
-You @strong{have to} verify downloaded tarballs integrity and
-authenticity to be sure that you retrieved trusted and untampered
-software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
-for that purpose.
-
-For the very first time it is necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
-@verbatim
-pub rsa2048/0xE6FD1269CD0C009E 2016-09-13
- F55A 7619 3A0C 323A A031 0E6B E6FD 1269 CD0C 009E
-uid PyGOST releases <pygost at cypherpunks dot ru>
-@end verbatim
-
-@itemize
-
-@item @url{http://lists.cypherpunks.ru/gost.html, gost} maillist
-
-@item
-@example
-$ gpg --auto-key-locate dane --locate-keys pygost at cypherpunks dot ru
-$ gpg --auto-key-locate wkd --locate-keys pygost at cypherpunks dot ru
-@end example
-
-@item
-@verbatiminclude PUBKEY.asc
-
-@end itemize
+@include integrity.texi
You can obtain development source code with
@command{git clone git://git.cypherpunks.ru/pygost.git}.
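
Review bot: In the download example, the added `[verify signature]` line replaces the runnable `gpg --verify pygost-@value{VERSION}.tar.zst.sig pygost-@value{VERSION}.tar.zst` command with a placeholder, so a reader who copies the block goes from the download straight to `tar xf -` and `python setup.py install` with nothing that checks the tarball. The verification text now lives in integrity.texi, which this diff does not show, so put an explicit cross-reference to it next to that line, or keep one concrete verification command in the example. Separately, `.@{asc,sig@}` renders as `.{asc,sig}` and depends on shell brace expansion, which is not part of POSIX sh. A shell without it passes the literal URL to fetch or wget, so two explicit download lines would be safer. It would also help to state which tool checks the `.asc` and which checks the `.sig`, since the removed text only covered the `.sig` with GnuPG.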