@example
$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.zst
-$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.zst.sig
-$ gpg --verify pygost-@value{VERSION}.tar.zst.sig pygost-@value{VERSION}.tar.zst
+$ [fetch|wget] http://www.pygost.cypherpunks.ru/pygost-@value{VERSION}.tar.zst.asc
+$ gpg --verify pygost-@value{VERSION}.tar.zst.asc pygost-@value{VERSION}.tar.zst
$ zstd -d < pygost-@value{VERSION}.tar.zst | tar xf -
$ cd pygost-@value{VERSION}
$ python setup.py install
@include download.texi
-But also you can use pip (@strong{no} OpenPGP authentication is
-performed!) with PyPI:
-
-@example
-$ echo pygost==@value{VERSION} --hash=sha256:430bab3fdb4c2f59d89b5c80293468b3d3f5b713b49157d995b723ff909cf7c8 > requirements.txt
-$ pip install --requirement requirements.txt
-@end example
-
You @strong{have to} verify downloaded tarballs integrity and
authenticity to be sure that you retrieved trusted and untampered
software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used