docs: include PGP key fingerprints

Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-07 22:13:06 +01:00 · 2026-04-07 22:13:06 +01:00 · 5f38ef1a02
commit 5f38ef1a02
parent d0558fcbaa
1 changed files with 17 additions and 0 deletions
--- a/docs/install_linux.md
+++ b/docs/install_linux.md
@ -2,6 +2,13 @@

 ## Recommended _(Official)_

+> [!IMPORTANT]
+> All Linux packages and repository metadata are signed with the following PGP key fingerprints:
+> - `2C6106201985B60E6C7AC87323F3D4EA75716059`
+> - `7F38BBB59D064DBCB3D84D725612B36462313325`
+>
+> You may be prompted to confirm the import of these keys during installation.
+
 ### Debian

 Debian packages are hosted on the [GitHub CLI marketing site](https://cli.github.com/) for various operating systems including:
@ -33,6 +40,13 @@ sudo apt update
 sudo apt install gh
 ```

+> [!TIP]
+> To verify the imported PGP keys, you can run this and match the listed fingerprints with those at the top of this document:
+>
+> ```shell
+> gpg --show-keys /etc/apt/keyrings/githubcli-archive-keyring.gpg
+> ```
+
 ### RPM

 RPM packages are hosted on the [GitHub CLI marketing site](https://cli.github.com) for various operating systems including:
@ -46,6 +60,9 @@ RPM packages are hosted on the [GitHub CLI marketing site](https://cli.github.co

 These packages are supported by the GitHub CLI maintainers with updates powered by [GitHub CLI deployment workflow](https://github.com/cli/cli/actions/workflows/deployment.yml).

+> [!TIP]
+> During installation, you may be prompted to confirm the import of PGP keys. You can verify the keys with the list of fingerprints at the top of this document.
+
 #### DNF5

 > [!IMPORTANT]