Hi,
Thanks, Thomas.
I did get the signers key fingeprints from their personal github pages. I would go the full security route if it were only my use I'm concerned with, but I'm working on a Raku module for others and I don't want them to be held up by having to fumble with key trust before at least downloading the files with a first order check with data I can provide.
I'll make sure to document exactly what I'm providing.
Best regards,
-Tom