We’re publishing Terraform-specific details related to the security bulletin over on this topic. Right now it has basic information about the updated Terraform CLI releases, but it will be updated with more detailed information about Terraform Cloud and Terraform Enterprise.
Each existing Terraform provider’s release is published with dual GPG signatures - one for the old key and one for the new key. You can verify the signature with the new key by checking the signature in the file that ends in SHA256SUMS.72D7468F.sig using the instructions and key published on our security page.