Disconnect between the developers and the users

This raises a question: who is the target audience for the gpg CLI tool?

Serious security researchers? Then why the project's website does not have a huge "Do not even attempt to use this project yourself" banner, and why gpg signatures are used to verify downloads, why gpg CLI usage is given as "how to check the downloads" documentation?

Non-security gurus? Then these "non-serious bugs" are actually very, very serious.