From 05f718b092e826a7fb2d486259dfee9b10fa746f Mon Sep 17 00:00:00 2001 From: Jure <44338+hoornet@users.noreply.github.com> Date: Sat, 4 Apr 2026 21:31:36 +0200 Subject: [PATCH] Add signature verification instructions to README --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index d1849c5..e2d9740 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,21 @@ sudo apt install gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1. sudo dnf install gstreamer1-plugins-base gstreamer1-plugins-good gstreamer1-libav ``` +### Verifying signatures + +Release updater artifacts (`.tar.gz`, `.nsis.zip`, `.app.tar.gz`) include `.sig` files signed with minisign. To verify: + +```bash +# Save the public key +echo "untrusted comment: minisign public key: F9D2C39297592652 +RWRSJlmXksPS+cSpOrnmUpmJSebrbT1gxNeS33X/S7fxBAb/SdvWewNm" > vega.pub + +# Verify an artifact +minisign -Vm vega_0.12.1_amd64.AppImage.tar.gz -p vega.pub +``` + +**Note:** The standalone `.deb`, `.rpm`, and `.dmg` installers do not have signatures yet — only the updater bundles do. + ## Features **Identity & accounts**
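Review bot: In the "Verify an artifact" command, `minisign -Vm <file>` looks for the signature at `<file>.minisig` by default, but the paragraph above it says the release artifacts ship `.sig` files, so the command as written will not find the signature unless the user renames it. Pass the signature path explicitly, for example `minisign -Vm vega_0.12.1_amd64.AppImage.tar.gz -x vega_0.12.1_amd64.AppImage.tar.gz.sig -p vega.pub`, and state in the text that the `.sig` file must be downloaded alongside the artifact. Two smaller points on the same block: the `echo ... > vega.pub` step can be dropped by passing the key string inline with `-P`, which removes the multi-line quoting, and the hard-coded `0.12.1` filename will go stale, so a placeholder such as `<artifact>` would age better. It is also worth a sentence telling readers what a successful verification prints, so a failed check is not mistaken for a pass.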