PGP key mismatch?
https://poppler.freedesktop.org/ says
The tarball has been signed (.sig file) by Albert Astals Cid CA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7.
But:
$ gpg --verify poppler-23.09.0.tar.xz.sig
gpg: assuming signed data in 'poppler-23.09.0.tar.xz'
gpg: Signature made Tue 05 Sep 2023 22:19:04 BST
gpg: using DSA key 8C817BD535D5A44E9CE2EB63FE5444BE6702161B
gpg: Good signature from "Albert Astals Cid <aacid@kde.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8C81 7BD5 35D5 A44E 9CE2 EB63 FE54 44BE 6702 161B
8C817BD535D5A44E9CE2EB63FE5444BE6702161B
(key used for 23.09.0) != CA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7
(key listed on the website).
Could you update the fingerprint on the website & the link to the key, if this is intentional? Thanks.