Manual says: - "Download the binary tarball from ‘ftp://....’2 ,Footnotes(2) "As usual, make sure to download the associated .sig file and to verify the authenticity of the tarball against it!" For those who know what you mean by that, the footnote is superfluous, for those who don't know, it is opaque. I do the usual investigation, come up with gpg --verify guix-binary-0.9.0.x86_64-linux.tar.xz.sig gpg: armor header: Version: GnuPG v2 gpg: assuming signed data in `guix-binary-0.9.0.x86_64-linux.tar.xz' gpg: Signature made Wed 04 Nov 2015 10:23:38 AM PST using RSA key ID 3D9AEBB5 gpg: Can't check signature: public key not found after reading the gpg man page, with its multivarous options. So now I need "gpg --import *.asc" is how you import it into the public keyring But now I have to find the .asc file... **UNIX, world's largest Adventure game** as we used to say 30 years ago. Is there some reason the actual command line to verify the sig cannot be put into the manual?