Update Readme section on verifying signatures
EDIT:
We now generate detached signatures for all release lines. There is no documentation on how to verify this. An update to the Readme would be great!
Original
The current process for verifying releases is outputting a warning
gpg: Signature made Thu May 5 17:56:43 2016 CDT using RSA key ID 4C206CA9
gpg: Good signature from "Evan Lucas <evanlucas@me.com>" [ultimate]
gpg: aka "Evan Lucas <evanlucas@keybase.io>" [ultimate]
gpg: WARNING: not a detached signature; file 'SHASUMS256.txt' was NOT verified!
A script to verify and output is included in this gist