their signature to be sure that you have got trusted, untampered
software. For integrity and authentication of downloaded binaries
@url{https://www.gnupg.org/, GNU Privacy Guard} is used. You must
-download signature (@file{.sig}) provided with the tarball.
+download signature (@file{.asc}) provided with the tarball.
For the very first time you need to import signing public key. It is
provided below, but it is better to check alternative resources with it.
Then you could verify tarballs signature:
@example
-$ gpg --verify nncp-@value{VERSION}.tar.xz.sig nncp-@value{VERSION}.tar.xz
+$ gpg --verify nncp-@value{VERSION}.tar.xz.asc nncp-@value{VERSION}.tar.xz
@end example