In the past, TaskJuggler releases, git tags, to be specific have been
signed with my GPG with key ID 0500838B. This was a 1024 bit DSA key
and is no longer up to today's security standards.
Starting with the upcoming 3.0 release, git tags will be signed with my new key:
pub 4096R/2AD38B49 2011-10-06
Key fingerprint = D14D 6742 89C2 A5D1 E38B 008C CEC1 9DC2 2AD3 8B49
Unfortunately, Ruby gem still does not fully support signed releases.
Until this has been fixed, the gem packages will not be signed. If you
are concerned about security, you should get TaskJuggler from the Git
repository and check the release tag against the above key.