Hi,
I tried importing, verifying gpg key and got ... is this ok?
gpg --verify roundcubemail-1.4.10-complete.tar.gz.asc roundcubemail-1.4.10-complete.tar.gz
gpg: Signature made ned 27 dec 2020 22:58:11 CET
gpg: using RSA key 8970E37A698AF775D87D590DC2946A9609CD56B4
gpg: issuer "devs@roundcube.net"
gpg: Good signature from "Roundcube Developers <devs@roundcube.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F3E4 C04B B3DB 5D42 15C4 5F7F 5AB2 BAA1 41C4 F7D5
Subkey fingerprint: 8970 E37A 698A F775 D87D 590D C294 6A96 09CD 56B4