Thanks All
But again, verifying the signature on windows doesn't seem to instill confidence at all
Corvwin doesnt have a certified key
I am not a certificate expert, so I dont know how all of this works
So, I still hope Corwin or the Windows Binaries volunteers will still be able to provide
SHA-256 hashes
PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --keyserver keyserver.ubuntu.com --recv-keys ECE77CF417C76C1ACFCE7C2B5B6135511580F007
gpg: key 5B6135511580F007: public key "Corwin Brust <corwin@bru.st>" imported
gpg: Total number processed: 1
gpg: imported: 1
PS C:\downloads> C:\"Program Files (x86)"\GnuPG\bin\gpg --verify .\emacs-28.1.zip.sig
gpg: assuming signed data in '.\emacs-28.1.zip'
gpg: Signature made 2022-04-21 4:11:30 PM Eastern Daylight Time
gpg: using RSA key ECE77CF417C76C1ACFCE7C2B5B6135511580F007
gpg: Good signature from "Corwin Brust <corwin@bru.st>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: ECE7 7CF4 17C7 6C1A CFCE 7C2B 5B61 3551 1580 F007