I see a new wallet release on https://www.dash.org/wallets/ That page also offers a hash file SHA256SUMS.asc to verify the integrity of the releases. The hash file is signed in PGP. So far so good. I'm using GPG Tools on a Mac and it complains: "Verification FAILED: Signature can not be verified, because the corresponding public key is missing." I spent the last 15 minutes looking for a signing policy and/or the proper key files and couldn't find any. So my questions: Who is authorized to sign Dash releases? What is the fingerprint of that person's public key? (The email address is not good enough, as it's trivial for anyone to generate a PGP key pair for any email address.) Is there a policy document or a page where this info is easily accessible and any changes would be noticed?