PEP 761: Deprecating PGP signatures for CPython artifacts

I’m not planning on including PGP signatures for the initial alphas. I hope we can have a decision well ahead of the beta feature freeze in May next year.


As the first release manager affected by this, I’m also a strong +1 on this.

Sigstore looks a much better solution; we already have it in place, and I’d much rather spend my RM time on things that are more useful for our users, such as including official binary releases for iOS and Android, or releasing installers during the security phase.

I’ve not needed to use PGP for two decades, since Nokia (remember them?) used to mail us Symbian (remember that?) SDKs encrypted on DVDs (remember those?).

10 Likes