Preferable way is to :ref:`download <download>` tarball with the
signature from `official website <http://pyderasn.cypherpunks.ru/>`__::
- $ [fetch|wget] http://pyderasn.cypherpunks.ru/pyderasn-|VERSION|.tar.xz
+ $ [fetch|wget] http://pyderasn.cypherpunks.ru/pyderasn-5.4.tar.xz
$ [fetch|wget] http://pyderasn.cypherpunks.ru/pyderasn-5.4.tar.xz.sig
$ gpg --verify pyderasn-5.4.tar.xz.sig pyderasn-5.4.tar.xz
$ xz --decompress --stdout pyderasn-5.4.tar.xz | tar xf -
for keeping compatibility with Py27/Py35. It is included in the tarball.
You can also find it mirrored on :ref:`download <download>` page.
-You could use PIP (**no** authentication is performed!)::
+You could use pip (**no** OpenPGP authentication is performed!) with PyPI::
- $ pip install pyderasn
+ $ cat > requirements.txt <<EOF
+ pyderasn==5.4 --hash=sha256:c6b4cfbe3b4bfb3bed1c5b8fc8e5d4cc78fd2abc10a7c1360336471d9a2b4372
+ six==1.13.0 --hash=sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66
+ EOF
+ $ pip install --requirement requirements.txt
You have to verify downloaded tarballs integrity and authenticity to be
sure that you retrieved trusted and untampered software. `GNU Privacy