How do I verify the cryptographic GPG signature of Matomo packages?

Matomo provides GPG signatures to verify that downloaded release files are authentic and have not been modified. When we create a new Matomo release, each release file on builds.matomo.org is accompanied by an .asc signature file. For example, matomo.zip has a matching matomo.zip.asc file.

This signature confirms that the file is exactly the one published by Matomo and was not altered by a third party.

Read more on How do I verify Matomo release builds using GPG?