Comment 5 for bug 125103

Well.... I have two solutions for that. Is it really a good idea to have only ONE key for all PPAs? Does an user trust ALL PPA because he adds one PPA of his choice to his source.list? I would only trust the one that I added....

1. Upload new private key
The PPA-owner can upload a private key to his account for that and launchpad will use that key to sign his PPA. Of course the user should be warned that he should create a new key for that instead of using his standard-private-key.

2. Sign like code of conduct
The PPA-owner could download (or get it per mail) to sign it at his local computer with his key and upload it to launchpad again.
Maybe it is possible to that like signing code of conduct. .. and yes, it is a little bit annoying if an owner upload many packages. But no one needs to sign it... he could use it without it. ;-)