security – Should I be worried that bitcoincore.org now suddenly only provides an “unsigned” Bitcoin Core installer?

My security script for downloading and verifying new versions of Bitcoin Core barked at me the other day, when the new v0.21.1 was released. (Which still is nowhere to be found on bitcoin.org, BTW.)

At first, I thought it was a temporary glitch, but now it’s been like this for at least three full days. The reason it “barked” is that my script is expecting ...win64-setup.exe, but that file no longer exists. Instead, it’s called: ...win64-setup-unsigned.exe.

See for yourself: https://bitcoincore.org/bin/bitcoin-core-0.21.1/

So, they are no longer making “signed” installers? Beginning with Taproot? Hmm… Something about this feels scary to me. Maybe I’m too paranoid, but after all, you can’t be too sure when it’s about your entire “wealth”.

Isn’t it something bad if the installer is no longer “signed”? Isn’t that a step backwards security-wise, when a major update is being added to Bitcoin Core? Smells a bit fishy to me, frankly.