*If* the reviewer selects an archive_root that isn't a private ppa, the archive_id and signing_key fields should be optional, as they'll never be used and currently need to be filled out with some invented random (but unique!) string.
These fields should be made optional in the review form, and the ckeck to ensure that archive_id is unique for Published and QAPending apps should be changed to consider this fact (and only require it to be unique if the app uses the private ppa archive root).
Also, as a clean up, the code that implements retrieving deblines for public archives (softwarecenteragent.subscription_states.SubscriptionStatePaymentAuthorized.public_deb_line) could probably be removed, as the client never calls this code, as for public archives it can just put together the debline in the client itself, and actually does this.
Is there any reason to even present archive_id and signing_key for other archive_roots? Or do we still have some cases where public PPAs are being used?