New Signing Key?

There is a long-established way of handling exactly this sort of thing, and Bisq isn’t doing it. Why even use signing keys if you’re not going to use them in the proper way?

I actually forget the original situation here, but if there are two keys then each of those keys should have signed each other and uploaded the new keys to the keyserver so everyone can verify that each signer knows the other.

If there is a new key, all former signing keys need to sign the new key, and upload all to the keyservers.

Also, the website should explain this situation. It is not acceptable to have a website say one thing, but the actual keys say something different.

This is basic keysigning procedure. Like I said I don’t remember what this situation is but what I’ve just laid out is keysigning 101 and should cover most situations.

To skip this basic security function for a piece of software that uses Tor and handles private data should be a huge red flag for anyone considering using Bisq. We’re not talking about anything special here, just basic keysigning/validation rules.

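The check the post describes (every former signing key certifies the new one) can be verified from GnuPG's machine-readable output. This is an added example, not part of the original post or Bisq's code; the fingerprints, user IDs and sample listing are constructed, and the input is assumed to be what `gpg --check-sigs --with-colons` prints for the new key.

```python
"""Check that every former signing key has certified the new key.

Input: text printed by `gpg --check-sigs --with-colons <new key>`.
All fingerprints and user IDs below are constructed placeholders.
"""
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signature types

def good_certifiers(colons, new_fpr):
    """Return long key IDs whose certification on new_fpr gpg verified."""
    certifiers, fpr, section = set(), None, None
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            fpr, section = None, "pub"      # a new key block starts
        elif f[0] in ("uid", "sub"):
            section = f[0]
        elif f[0] == "fpr" and section == "pub" and fpr is None and len(f) > 9:
            fpr = f[9].upper()              # primary key fingerprint
        elif f[0] == "sig" and section == "uid" and len(f) > 10 \
                and fpr == new_fpr.upper():
            # Field 2 is '!' only when gpg verified the signature against a
            # key in the local keyring; '?' means the signer's key is missing.
            # Revocations of certifications ("rev" records) are not handled.
            if f[1].startswith("!") and f[10][:2] in CERT_CLASSES:
                certifiers.add(f[4].upper())
    return certifiers

def transition_report(colons, new_fpr, former_fprs):
    """Map each former fingerprint to True if it certified the new key."""
    seen = good_certifiers(colons, new_fpr)
    # A v4 key ID is the low 64 bits (last 16 hex digits) of the fingerprint.
    return {fp: fp.upper()[-16:] in seen for fp in former_fprs}

NEW, OLD1, OLD2 = "A" * 40, "B" * 40, "C" * 40   # constructed fingerprints
SAMPLE = f"""\
pub:-:4096:1:{NEW[-16:]}:1700000000:::-:::scESC:
fpr:::::::::{NEW}:
uid:-::::1700000000::::New Release Key (constructed)::
sig:!::1:{NEW[-16:]}:1700000000::::New Release Key (constructed):13x:
sig:!::1:{OLD1[-16:]}:1700000100::::Former Key 1 (constructed):10x:
sig:?::1:{OLD2[-16:]}:1700000200::::[User ID not found]:10x:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1700000000::::::e:
sig:!::1:{NEW[-16:]}:1700000000::::New Release Key (constructed):18x:
"""

if __name__ == "__main__":
    for fp, ok in transition_report(SAMPLE, NEW, [OLD1, OLD2]).items():
        print(fp, "certified the new key" if ok else "NO verified certification")
```

A `False` entry means either the former key never signed the new one or that former key is not in the local keyring, so import the former keys from a source you already trust before running the check.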