Many people and groups who maintain software want to sign releases using OpenPGP methods, and GNUPG provides many mechanisms to enable this. Signing with a personal key is one option, but over time there is a need for multiple people to be able generate signatures. Increasing desires for resilience in software supply chains means that a solution that scales to multiple people, and yet to keep the private keys offline when not in use. There is increasingly availability for storing GnuPG keys on hardware devices like the YubiKey.
This page details the setup and configured required to do signatures on software releases using a private key stored on multiple devices.