GPG key has been renewed over time, the latest is the one to use to exchange data with the author, while older keys are still necessary to validate the integrity of older releases. Depending on the release time, the following keys have been used:
3D7F 383C B41E 33D7 0250 A9AC A42E 4223 C818 1A52
3B31 29AF 1DDD EFA5 A37D 818F 0831 B0BD 03D8 B182
1BE4 7606 A74F 178C 7328 43B0 5F64 5B19 16D5 6546
The signature does only proves that Denis Corbin has personally released the sources or binary package. This means there is no malicious code inside the signed packages (If you trust him, of course).