There are several ways in which I prove the authenticity for the source code and the binaries I provide.
The source code archives for MKVToolNix are signed with my GPG key (to be more precise: with sub-key ID 0x74AF00AD F2E32C85, fingerprint 3301 A29D 88D0 1A0C F999 954F 74AF 00AD F2E3 2C85, of key ID 0x0F92290A 445B9007, fingerprint D919 9745 B054 5F2E 8197 062B 0F92 290A 445B 9007). The signature’s file name is the tarball’s file name with .sig appended (e.g. mkvtoolnix-19.0.0.tar.xz.sig for the archive mkvtoolnix-19.0.0.tar.xz). Both files are stored in the same directory.
The same key is used for signing Debian/Ubuntu APT repositories and for e-mail communication.
For Debian & Ubuntu the DEB packages themselves are normally not signed, but the APT repositories they're located in are. I'm following the same approach.
All of my Debian & Ubuntu APT repositories are signed with my GPG key (to be more precise: with sub-key ID 0x74AF00AD F2E32C85, fingerprint 3301 A29D 88D0 1A0C F999 954F 74AF 00AD F2E3 2C85, of key ID 0x0F92290A 445B9007, fingerprint D919 9745 B054 5F2E 8197 062B 0F92 290A 445B 9007).
The same key is used for signing the source code archives and for e-mail communication.
All of my RPM packages for Fedora, CentOS and openSUSE are signed with my RPM signing GPG key (to be more precise: key ID 0x16D2F5DC 10C052A6, fingerprint EB24 BCA1 4BA6 A24F 1427 6FEE 16D2 F5DC 10C0 52A6).
This is a different key than the one used for signing the Debian/Ubuntu APT repositories and for e-mail communication as the RPM binary itself doesn't support the use of sub-keys.
All of my Windows binaries (both the programs themselves and the installer) are signed with a code-signing certificate. Which one was used, depends on the release:
My macOS binaries (both the applications themselves and the disk image) are signed with the following certificate signed by Apple's CA:
I'm using GPG/PGP for encrypted e-mail communication. Here's my GPG key (to be more precise: sub-key ID 0x74AF00AD F2E32C85, fingerprint 3301 A29D 88D0 1A0C F999 954F 74AF 00AD F2E3 2C85, of key ID 0x0F92290A 445B9007, fingerprint D919 9745 B054 5F2E 8197 062B 0F92 290A 445B 9007).
The same key is used for signing Debian/Ubuntu APT repositories and Fedora/CentOS/openSUSE packages.