Comment 32 for bug 125103

How about putting the key packages (ppa-key-$username, for example) all into a single shared PPA repository, signed by a key in the ubuntu keyring (or a key in a package in the main ubuntu repo)? This way one could have a trust path to follow to ensure one is really getting a key for the PPA in question.