GPG key doesn't match what the website says

That wiki is kind of old,

If you want you can update it with these new instructions,

#=========================================

1. Trusting by local user

The Trisquel GPG key is installed at a system level, so you need to add it to the user that will verify the key.

First we need to make sure the GPG ID we will be using is the correct one as we'll be assigning absolute trust, Trisquel's images are signed with the main key B138CA450C05112F.

We can confirm it belongs to trisquel with:

$ apt-key finger B138CA450C05112F
pub rsa4096 2017-01-07 [SC]
6036 4C98 69F9 2450 421F 0C22 B138 CA45 0C05 112F
uid [desconocida] Trisquel GNU/Linux <name at domain>
sub rsa4096 2017-01-07 [E]

Now that we are sure the GPG ID is the correct one, we add it to the local user gpg keys:

$ gpg --keyserver pgp.mit.edu --recv-keys B138CA450C05112F

Now we apply absolute trust,

$ echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key B138CA450C05112F trust

2. Downloading files

Download in the same directory both files iso and key.

• trisquel_10.0_amd64.iso
• trisquel_10.0_amd64.iso.asc

3. Confirm signatures

At this point we have the parent key (1st step), the iso file and the iso file key (2nd step), now opening a terminal in the directory where are the iso and key, we can check with:

$ gpg --verify trisquel_10.0_amd64.iso.asc
gpg: asumiendo que los datos firmados están en 'trisquel_10.0_amd64.iso'
gpg: Firmado el lun 31 ene 2022 06:38:14 CST
gpg: usando RSA clave 60364C9869F92450421F0C22B138CA450C05112F
gpg: Firma correcta de "Trisquel GNU/Linux <name at domain>" [absoluta]

#=========================================
Which is the Spanish for correct sign, please update accordingly.

Cheers!