We are currently signing the same packages twice and uploading each set in two different places at different times.
At pre-release we sign packages and upload them to GitHub only; then, when the version is marked as stable, we re-sign and upload them to both GitHub and S3 (used by the site and the package channels). However, these “new” signed packages do not actually overwrite the GitHub ones, so they end up with a different signature.