The GPG signatures of my software tarballs have been wrong for years (because I’ve been using rsync wrong, funny enough, it wasn’t a GPG issue) and nobody ever noticed. (They still are wrong at the moment, because I haven’t pushed the fix, yet.)

This confirms that this is just a total waste of time. Nobody ever checks this. Maybe this matters if you’re a distro, but why even bother as a single person …