There are links to signature files on the downloads page, but those files do not yet exist in the repo. For example, the following is a 404 as of this posting: https://files.gpg4win.org/gpg4win-4.0.2.exe.sig
Thank you! The signature checks out. I realize that the EXE is already signed as a Windows installer, but having an established GPG cert provides further assurance that the release is official.
This is a bit off-topic but is related to the release links, so I will note that a generic “gpg4win-latest.exe” and signature were made available in the repo for the 4.0.0 release on 2021-12-21. Was that file intended to be routinely updated to the latest release as a permalink? I assume that it might need either maintained or removed unless it has a purpose I’m just not aware of.
I’m not requesting that something be done as the files are harmless, but just offering a reminder that the file is there and wondering what it was intended for. I personally prefer the existing release style where filenames and links are specific for each version.