Update GPG key
wget https://github.com/matomo-org/matomo/releases/download/4.13.1/matomo-4.13.1.tar.gz
wget https://github.com/matomo-org/matomo/releases/download/4.13.1/matomo-4.13.1.tar.gz.asc
gpg --verify matomo-4.13.1.tar.gz.asc
gpg: assuming signed data in 'matomo-4.13.1.tar.gz'
gpg: Signature made Mon 16 Jan 2023 13:13:28 GMT
gpg: using RSA key F529A27008477483777FC23D63BB30D0E5D2C749
gpg: Can't check signature: No public key
The answer is to update the public key:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg: key 63BB30D0E5D2C749: public key "Matomo <hello@matomo.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg --verify matomo-4.13.1.tar.gz.asc
gpg: assuming signed data in 'matomo-4.13.1.tar.gz'
gpg: Signature made Mon 16 Jan 2023 13:13:28 GMT
gpg: using RSA key F529A27008477483777FC23D63BB30D0E5D2C749
gpg: Good signature from "Matomo <hello@matomo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F529 A270 0847 7483 777F C23D 63BB 30D0 E5D2 C749