Hi all, I found the GPG keys, which are used in verifying the signatures of release candidates, are much different in dev and release repositories: https://dist.apache.org/repos/dist/dev/pulsar/KEYS https://dist.apache.org/repos/dist/release/pulsar/KEYS
>From here [1], it seems like we need to append the GPG key of a committer into the release repo as well. But it seems that the KEYS file in the release repo is never used. Should we make them consistent? Or just remove the KEYS file in release repo? [1] https://pulsar.apache.org/contribute/create-gpg-keys/#appending-the-key-to-keys-files
