I see the latest version's git tag was PGP signed by someone other than the github-actions bot. That's great. Downstream packagers really appreciate authenticity from upstream projects. I have two questions then:

• Can we count on future releases being signed by Felix Handte's key (B774B0A2C0A08A8A7C1D3EF499B5DE0B30966569)?

• If so, could we please also get signed tarball releases with this key, including one for 1.4.9?