diff --git a/README.md b/README.md
index a6ffbe23459aa9..53c45fc40042b8 100644
--- a/README.md
+++ b/README.md
@@ -251,6 +251,7 @@ Below are some examples:
 	    # install
 	```
 
+-	**Note:**: verifying the gpg signature of the hash file only is as secure as verifying the signature of the data itself and common practice (given that it's a strong hash)
 -	**Alternate**: *full key fingerprint imported to apt which will check signatures and checksums when packages are downloaded and installed.*
 
 	```Dockerfile