Github user andrewmlim commented on a diff in the pull request:
https://github.com/apache/nifi-site/pull/27#discussion_r201772672
--- Diff: src/pages/markdown/gpg.md ---
@@ -0,0 +1,524 @@
+---
+title: GPG (Gnu Privacy Guard / Open PGP) Signatures
+---
+
+# Apache NiFi Release Signatures and Code Signing
+
+The purpose of this document is to capture and describe the steps involved
in generating and verifying cryptographic signatures of official releases of
Apache NiFi, as well as configuring cryptographic signatures of individual code
commits. It is written for contributors, committers, and users of Apache NiFi
(and related applications).
+
+## <a name="table-of-contents">Table of Contents</a>
+ * [The Objective](#the-objective)
+ * [Background Material](#background-material)
+ * [Terms](#terms)
+ * [Variable Reference Substitutions](#variable-reference-substitutions)
+ * [Download GPG](#download-gpg)
+ * [Set up a GPG key](#set-up-a-gpg-key)
+ * [Sign your GPG key](#sign-your-gpg-key)
+ * [Publish your key](#publish-your-key)
+ * [Import another GPG key](#import-another-gpg-key)
+ * [Verify a key](#verify-a-key)
+ * [Sign an external key](#sign-an-external-key)
+ * [Web of trust](#web-of-trust)
+ * [Set up git with your key](#set-up-git-with-your-key)
+ * [Signing code](#signing-code)
+ * [Verifying a signature](#verifying-a-signature)
+ * [Set up GitHub with your key](#set-up-github-with-your-key)
+ * [Signing a release artifact](#signing-a-release-artifact)
+ * [Verifying a release signature](#verifying-a-release-signature)
+
+## <a name="the-objective">The Objective</a>
+
+Our aim is to instruct users on how to sign their commits, verify other's
signatures, and do the same for official releases of Apache NiFi.
+
+## <a name="background-material">Background Material</a>
+
+ - These documents are helpful for general environmental setup to perform
GPG signing and signature verification
--- End diff --
Consider adding a colon at the end or adding more space before the bulleted
list.
---
