> I have imported PGP keys of the texinfo maintainers from
> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=texinfo
As far as I know, there is no particular guarantee that that list of
keys is meaningful. Apparently it contains keys of all members of the
texinfo group (which is quite different than "maintainers") on Savannah
.. at some random time.
You can see that Gavin is an administrator of the texinfo group at
https://savannah.gnu.org/projects/texinfo/, and posted the 6.0
news announcement there.
At any rate, The only official source of "who is the maintainer" is
/gd/gnuorg/maintainers on fencepost.gnu.org (which does list Gavin). I
know that file is not available from the outside (intentionally -- rms's
decision many years ago), but still, that is the reality.
Anyway, the answer is yes, it is ok and expected that the release
tarball is signed by Gavin.
Best,
Karl
