Update GPG key

wget https://github.com/matomo-org/matomo/releases/download/4.13.1/matomo-4.13.1.tar.gz
wget https://github.com/matomo-org/matomo/releases/download/4.13.1/matomo-4.13.1.tar.gz.asc
gpg --verify matomo-4.13.1.tar.gz.asc 
gpg: assuming signed data in 'matomo-4.13.1.tar.gz'
gpg: Signature made Mon 16 Jan 2023 13:13:28 GMT
gpg:                using RSA key F529A27008477483777FC23D63BB30D0E5D2C749
gpg: Can't check signature: No public key

The answer is to update the public key:

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg: key 63BB30D0E5D2C749: public key "Matomo <hello@matomo.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg --verify matomo-4.13.1.tar.gz.asc 
gpg: assuming signed data in 'matomo-4.13.1.tar.gz'
gpg: Signature made Mon 16 Jan 2023 13:13:28 GMT
gpg:                using RSA key F529A27008477483777FC23D63BB30D0E5D2C749
gpg: Good signature from "Matomo <hello@matomo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F529 A270 0847 7483 777F  C23D 63BB 30D0 E5D2 C749

Webarchitects | Forum | Status | SSH Fingerprints