I went to validate the latest download using the asc file here
https: // dl.gitea.com/gitea/1.21.2/gitea-1.21.2-linux-amd64.asc
But that doesn’t look like any kind of ASCII file I have ever seen see this gobledy gook:
□3
!□d□□g□□□□$□E_□F2□S□□ex□
□□□| _□F2□S□□I□□□aT<□□}܊□@.
□+□□2□□□h□□(p□q/Q~□]�□,□ҳ□□?□□w□’d4□H
r□=□□z□RG□[PQI^nL0□η
7x□□u □□1x□□□Q□⸮□,>□□A[□□FḎ□□□□□□sW□z~□)□k□□M)□
%a7□cJ□□□□s□~□□□v
□□□□/□߽Q□□nL]□□W□T□□□F□ □□I,□Xx□□□4□$□□□g□S□i~□@□
Q[□□□E’□O□□46□□)□□□□□tŁ□□□t□,□.□~□_R□:□□P□□&d□□□e□□□□□□□□F□□#□ׂ?yO□.□□/□□_□□$xav4□a□□mL□fd^□9C?□□R□g□□□□.□+□J□և,[□□@□□□□Z6 Ȫ□c□]□8□^9□"□@□:|□ol□□H□□□□f□c□a□v's□□6X□□;□□i□□{□T□□<q□□□U□Ў□I□y0Pa□□□j(□mz҆#<t□□□,□E ١□□□□□□Q□}□□□U□□□□□□□Ԛ□7□r
and when you validate with it you get:
gpg: Signature made Tue 12 Dec 2023 06:54:12 AM UTC
gpg: using RSA key CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: Good signature from “Teabot <teabot @ gitea.io>” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7C9E 6815 2594 6888 62D6 2AF6 2D9A E806 EC15 92E2
Subkey fingerprint: CC64 B1DB 67AB BEEC AB24 B645 5FC3 4632 9753 F4B0