diff --git a/README.rst b/README.rst
index f6132773e..9b5451c61 100644
--- a/README.rst
+++ b/README.rst
@@ -114,6 +114,22 @@ Now doing another backup, just to show off the great deduplication:
For a graphical frontend refer to our complementary project `BorgWeb `_.
+Checking Release Authenticity and Security Contact
+==================================================
+
+`Releases `_ are signed with this GPG key,
+please use GPG to verify their authenticity.
+
+In case you discover a security issue, please use this contact for reporting it privately
+and please, if possible, use encrypted E-Mail:
+
+Thomas Waldmann
+
+GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393
+
+The public key can be fetched from any GPG keyserver, but be careful: you must
+use the **full fingerprint** to check that you got the correct key.
+
Links
=====