Context to the binary signing process used for that release:
Alejandro García (key ID E222AA02) built all binaries except the new aarch64 macOS target, as he does not yet have a VM configured for it. Therefore, Henrik Jannsen (key ID 387C8307) provided the aarch64 macOS binary and signed the binaries he received from Alejandro.
Our in-app verification tool does not currently support mixed keys or signatures. It reads the key ID specified in signingkey.asc and applies it uniformly to all binaries. For this reason, Henrik re-signed all binaries using his own key so that the verification process remains consistent and compatible with the current implementation.
Please note that both Alejandro García and Henrik Jannsen are official release managers for Bisq 1 and Bisq 2. Their public keys have been included in the source code for a long time and are distributed with the application to enable independent key verification and cross-checking.
The partial_signatures_by_E222AA02.zip contains the original signatures provided by Alejandro. Users can use those to verify the binaries (except aarch64 macOS) using key E222AA02.
Relevant references:
github.com/bisq-network/bisq/tree/master/desktop/src/main/resources/keyshttps://bisq.network/pubkey/E222AA02.aschttps://bisq.network/pubkey/387C8307.asc
The release process will be further improved in the next version through the introduction of reproducible builds.
I added that note to the release page and the partial_signatures_by_E222AA02.zip file to the assets. Hope that explains and resolves the confusion.