The GPG keys you publish on https://github.com/jonas.gpg do not verify your release tags (also, there's a suspicious warning Note).
-----BEGIN PGP PUBLIC KEY BLOCK-----
Note: The keys with the following IDs couldn't be exported and need to be reuploaded 25F432923AAC5C77
mQINBFtjGikBEADO/MNTXNAXKjS6Es6XLd01PUR74Bfjq6IlEca4RjDMbnRBS/PU
RoXct36t/yE7+Rg2ftsKzccZCr4wjJYxfgViTjF6azRx1NFxbiSwh2Dp6fEJOPjC
...
After it's imported:
$ gpg --list-key | tail
pub   rsa4096 2018-08-02 [SC]
      0097D647BEA04347590B3CF95D9440708E570A8A
uid           [ unknown] Jonas Fonseca <jonas.fonseca@elementai.com>
sub   rsa4096 2018-08-02 [E]

pub   rsa4096 2021-02-10 [SC]
      A377D857B5C816FB8A8D4CAAE71E3794228D4439
uid           [ unknown] Jonas Fonseca <jonas.fonseca@servicenow.com>
sub   rsa4096 2021-02-10 [E]

$ git verify-tag tig-2.5.8
gpg: Signature made Sat 04 Feb 2023 03:30:05 PM MSK
gpg:                using RSA key 0F93D140781E1A56F6F11E8D65F4CAFFEF53D4C2
gpg: Can't check signature: No public key
The key ID is also different.
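The comparison made in this report can be scripted. The following is an added example, not part of the original report or of the project: it reads the machine-readable status lines that `git verify-tag --raw` prints and checks the signing key against the published keyring and against the key IDs named in the `Note:` line. The function names are hypothetical, and the sample strings are constructed from the fingerprints and key IDs quoted above.

```python
import re

def published_fingerprints(colons):
    """Fingerprints (primary and subkeys) from `gpg --show-keys --with-colons`."""
    fprs = set()
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9:
            fprs.add(fields[9].upper())
    return fprs

def unexported_key_ids(armored):
    """Key IDs listed in the 'Note:' line inside the downloaded .gpg file."""
    ids = set()
    for line in armored.splitlines():
        if line.startswith("Note:"):
            ids.update(re.findall(r"\b[0-9A-F]{16}\b", line.upper()))
    return ids

def signer(status):
    """Signing key from VALIDSIG/ERRSIG status lines (fingerprint if present)."""
    for line in status.splitlines():
        p = line.split()
        if len(p) < 3 or p[0] != "[GNUPG:]":
            continue
        if p[1] == "VALIDSIG":
            return p[2].upper()
        if p[1] == "ERRSIG":  # fields: keyid pkalgo hashalgo class time rc [fpr]
            return (p[8] if len(p) > 8 and p[8] != "-" else p[2]).upper()
    return None

def diagnose(status, colons, armored):
    key = signer(status)
    if key is None:
        return "no-signature"
    if any(f.endswith(key) for f in published_fingerprints(colons)):
        return "published"    # the signing key is in the published keyring
    if any(key.endswith(k) for k in unexported_key_ids(armored)):
        return "unexported"   # the key exists but was not exported
    return "missing"          # the signing key is not published at all

# Constructed samples, reduced to the records the parser reads.
COLONS = ("pub:-:4096:1:5D9440708E570A8A:\n"
          "fpr:::::::::0097D647BEA04347590B3CF95D9440708E570A8A:\n"
          "pub:-:4096:1:E71E3794228D4439:\n"
          "fpr:::::::::A377D857B5C816FB8A8D4CAAE71E3794228D4439:\n")
ARMORED = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nNote: The keys with the following "
           "IDs couldn't be exported and need to be reuploaded 25F432923AAC5C77\n")
STATUS = ("[GNUPG:] ERRSIG 65F4CAFFEF53D4C2 1 10 00 1675513805 9 "
          "0F93D140781E1A56F6F11E8D65F4CAFFEF53D4C2\n"
          "[GNUPG:] NO_PUBKEY 65F4CAFFEF53D4C2\n")
```

With these inputs `diagnose(STATUS, COLONS, ARMORED)` returns `"missing"`: the signing key is neither in the published keyring nor the key ID named in the `Note:` line.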