F-Droid APK signature verification
Hello,
I think F-Droid's website should provide GPG signature verification instructions. Maybe provide a link to another site like Debian does: https://www.debian.org/download.
Furthermore, as I tried to verify the APK, GPG says that the key has expired:
$ gpg --verify F-Droid.apk.asc F-Droid.apk
gpg: Signature made la 22. heinäkuuta 2023 14.48.28 EEST
gpg: using RSA key 802A9799016112346E1FEFF47A029E54DD5DCE7A
gpg: Good signature from "F-Droid <admin@f-droid.org>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: 37D2 C987 89D8 3119 4839 4E3E 41E7 044E 1DBA 2E89
Subkey fingerprint: 802A 9799 0161 1234 6E1F EFF4 7A02 9E54 DD5D CE7A