Thank you for your interest in this topic!
I only had these two keys in public use in my life.
My personal project history can be found on the Trust page as well, search it for “named proper in past” and you see the whole chain.
Archived releases can be found here:
Not all testers-only versions have been archived. Sourceforge never complained yet. Thanks to them! And to keep it that way, I asked how much they can carry around. They told me, they preferred if we still used their space for releases that have most value to our community and would waste as little space as possible.
Up to TorBOX 0.1.3 the binary releases (+TorBOX 0.2.0-debootstrap) were made by anonymous, higher releases were build by me.
https://www.whonix.org/wiki/Trust says “beginning from Whonix 0.4.5 OpenPGP signatures are uploaded.”. Some versions below were only published together with strong hash sums. Those hash sums were published on a https/hsts enabled website, namely https://trac.torproject.org/projects/tor/wiki/doc/TorBOX. The torproject wiki history is still available and could be interesting. Check it out as long is lasts. Torproject admins could decide to purge this remaining page fragments any moment. In torproject wiki, only the wiki history feature prevented forging published hash sums. Anyone could have edited them after publishing (while the wiki history could only be tampered by people with access to torproject.org, which never included TorBOX developres). This fortunately never happened. Later strong hash sums were uploaded to sourceforge and only available over https for users who were logged into sourceforge. My memory about these old versions begins to fade away.
A bit of Whonix’s history has been written down:
Please feel encouraged to work on this. Would be really great before it’s lost. Please feel also free to ask anything else.