doc: additional note in README(.md) informing users that it is advise…

…d to import the full set of trusted release keys (rather than an individual key) (reconciled with another suggestion from code review) The OP finds his original suggestion more descriptive & more user-friendly, but prefers to move on since that suggestion is stalled in favor of much shorter verbiage Co-Authored-By: Myles Borins <[email protected]> Fixes: nodejs#32559
haqer1 · Oct 28, 2020 · 945cce5 · 945cce5
1 parent 2e103ed
commit 945cce5
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/README.md b/README.md
@@ -565,8 +565,7 @@ GPG keys used to sign Node.js releases:
 * **Shelley Vohr** &lt;[email protected]&gt;
 `B9E2F5981AA6E0CD28160D9FF13993A75599653C`
 
-To avoid nuances involved in verification of a sub-key possibly used to sign a
-release, import the full set of trusted release keys:
+To import the full set of trusted release keys (including subkeys possibly used to sign releases):
 
 ```shell
 gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C