diff --git a/README.rst b/README.rst index 5044bc4e6..af05ff04f 100644 --- a/README.rst +++ b/README.rst @@ -113,22 +113,6 @@ Now doing another backup, just to show off the great deduplication: For a graphical frontend refer to our complementary project `BorgWeb `_. -Checking Release Authenticity and Security Contact --------------------------------------------------- - -`Releases `_ are signed with this GPG key, -please use GPG to verify their authenticity. - -In case you discover a security issue, please use this contact for reporting it privately -and please, if possible, use encrypted E-Mail: - -Thomas Waldmann - -GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393 - -The public key can be fetched from any GPG keyserver, but be careful: you must -use the **full fingerprint** to check that you got the correct key. - Links ----- diff --git a/docs/installation.rst b/docs/installation.rst index 523f43cdb..ff5cf7d1a 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -64,6 +64,9 @@ and compare that to our latest release and review the :doc:`changes`. Standalone Binary ----------------- +.. note:: Releases are signed with an OpenPGP key, see + :ref:`security-contact` for more instructions. + |project_name| binaries (generated with `pyinstaller`_) are available on the releases_ page for the following platforms: diff --git a/docs/support.rst b/docs/support.rst index 9d64621fc..5ee34de96 100644 --- a/docs/support.rst +++ b/docs/support.rst 
@@ -56,3 +56,21 @@ As a developer, you can become a Bounty Hunter and win bounties (earn money) by contributing to |project_name|, a free and open source software project. We might also use BountySource to fund raise for some bigger goals. + +.. _security-contact: + +Security +-------- + +In case you discover a security issue, please use this contact for reporting it privately +and please, if possible, use encrypted E-Mail: + +Thomas Waldmann + +GPG Key Fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393 + +The public key can be fetched from any GPG keyserver, but be careful: you must +use the **full fingerprint** to check that you got the correct key. + +`Releases `_ are signed with this GPG key, +please use GPG to verify their authenticity.
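Review bot: the README.rst hunk (-113,22 +113,6) deletes the whole "Checking Release Authenticity and Security Contact" section, fingerprint included, and leaves nothing that tells a README reader where this information now lives. Suggest keeping a one or two line stub that points to the new Security section in docs/support.rst. Use a plain hyperlink for it rather than ``:ref:``, because that role only resolves inside a Sphinx build.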
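Review bot: in the docs/installation.rst hunk, the added note promises "more instructions", but the section it links to (the one added in docs/support.rst) only lists the fingerprint and says "please use GPG to verify their authenticity", with no steps. Either reword the note to something like "see :ref:`security-contact` for the key fingerprint", or add the actual verification steps to the target section so the link delivers what it announces.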
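Review bot: in the docs/support.rst hunk, the release-signing sentence is now the last paragraph of a section whose label is ``security-contact``, while docs/installation.rst links to that same label for release verification. Consider giving the verification paragraph its own label or moving it directly under the fingerprint, so the link lands on the text the reader was sent for rather than on the private-reporting contact. The terminology is also inconsistent across the patch: this section says "GPG key" and "GPG Key Fingerprint", while the new note in installation.rst says "OpenPGP key"; pick one and use it in both places.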