Ah, that's it. It's a binary detached signature. I probably missed the documentation when it was originally set up (or maybe it hasn't always been documented well, it was originally set up a decade ago).
I'll fix the signature generation later today and confirm. I don't see a problem with dropping support for binary signatures, at least with a better error message and maybe it deserves a release note.
