From f32c81fab1bdd4f53ace2ac8febfc1eea4b8d174 Mon Sep 17 00:00:00 2001
From: Andrew David Wong <adw@andrewdavidwong.com>
Date: Sun, 20 Oct 2019 21:38:13 -0500
Subject: [PATCH] Recommend gpg rather than gpg2 due to 2.2.17 changes

Closes QubesOS/qubes-issues#5404
---
 project-security/verifying-signatures.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md
index 3b9ad1f8..6d7b9bd3 100644
--- a/project-security/verifying-signatures.md
+++ b/project-security/verifying-signatures.md
@@ -52,6 +52,7 @@ There are three basic steps in this process:
 
 If you run into any problems, please consult the [Troubleshooting FAQ] below.
 
+**Note:** We strongly recommending using `gpg` ("Classic") rather than `gpg2` ("Modern") for this procedure, since `gpg2` requires [special steps][gpg2] to work correctly.
 
 ### 1. Get the Qubes Master Signing Key and verify its authenticity
 
@@ -355,7 +356,7 @@ The problem could be one or more of the following:
 ### I'm getting "bash: gpg: command not found"
 
 You don't have `gpg` installed.
-Install it, or use `gpg2` instead.
+We strongly recommending using `gpg` ("Classic") rather than `gpg2` ("Modern") for this procedure, since `gpg2` requires [special steps][gpg2] to work correctly.
 
 
 ### Why am I getting "can't open signed data `Qubes-RX-x86_64.iso' / can't hash datafile: file open error"?
@@ -458,4 +459,5 @@ If you still have a question, please address it to the [qubes-users mailing list
 [GPG documentation]: https://www.gnupg.org/documentation/
 [qubes-users mailing list]: /support/#qubes-users
 [except dom0]: https://github.com/QubesOS/qubes-issues/issues/2544
+[gpg2]: https://github.com/QubesOS/qubes-issues/issues/5404