Thanks for making a new release; this kind of regression is certainly
important enough to warrant it.
I don't know what went wrong but it looks like the signature at
ftp.gnustep.org is bad:
$ gpg --verify --verbose gnustep-gui-0.31.1.tar.gz.sig
gpg: enabled compatibility flags:
gpg: assuming signed data in 'gnustep-gui-0.31.1.tar.gz'
gpg: Signature made 6.06.2024 (чт) 12:39:51 EEST
gpg: using DSA key 83AAE47CE829A4146EF83420CA868D4C99149679
gpg: issuer"gnustep-maintainer@gnu.org"
gpg: using pgp trust model
gpg: BAD signature from "GNUstep Maintainer<gnustep-maintainer@gnu.org>"
[unknown]
gpg: binary signature, digest algorithm SHA1, key algorithm dsa1024
For Debian it doesn't matter much because even a good signature is
rejected by current dpkg:
dpkg-source: info: verifying ./gnustep-base_1.30.0.orig.tar.gz.asc
gpgv: Signature made Wed May 29 19:34:34 2024 UTC
gpgv: using DSA key 83AAE47CE829A4146EF83420CA868D4C99149679
gpgv: issuer"gnustep-maintainer@gnu.org"
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify upstream tarball signature for
./gnustep-base_1.30.0.orig.tar.gz: no acceptable signature found
I'm pretty sure I told Ivan about this some time ago. (It's not a
problem that impedes our work but would be nice to fix in the near
future.)