If you go to the page explaining how to Run Bisq on Qubes (http://s3p666he6q6djb6u3ekjdkmoyd77w63zq6gqf6sde54yg6bdfqukz2qd.onion/index.php/Running_Bisq_on_Qubes#Create_qube)
you will see this instruction:
# Go to the folder where you downloaded the .deb package and the PGP signature
cd Downloads
# Import the signing key of Christoph Atteneder
curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import
# Verify the signature of the downloaded binary
gpg --digest-algo SHA256 --verify Bisq-*.asc
But if you try to download that key, you can’t because it’s not there. And I don’t even think that’s the key that Bisq is currently signed with, which means that basic security rules are being violated. Is it because Bisq has been hacked, or is it that the Bisq team would benefit from learning the basics of key handling and signing?