Comment 3 for bug 1266204

coldtobi (tobi-coldtobi) wrote :

As said already, it is great that drizzle gpg-signs their source tarballs :)
So the only thing probably missing is a keyring which contains all keys allowed for signing the source...

Just an idea:
Maybe each key in the keyring should then be signed by a master-drizzle-developer key to build some Web of Trust?