hplip updates my public key ring and changes its ownership to "root"

I ran hplip-3.13.4.run as instructed, i.e., as an ordinary user, which then prompts for my sudo password.

Immediately before running it, my directory .gnupg contained the following files:

-rw------- 1 selinger selinger 113524 Feb 2 11:29 pubring.gpg
-rw------- 1 selinger selinger 600 Mar 12 02:18 random_seed
-rw------- 1 selinger selinger 1050 Jan 17 2004 secring.gpg
-rw------- 1 selinger selinger 40 Apr 7 18:08 trustdb.gpg

After running hplip, the files were as follows:

-rw------- 1 root root 114071 Apr 21 18:28 pubring.gpg
-rw------- 1 root root 114071 Apr 21 18:28 pubring.gpg~
-rw------- 1 selinger selinger 600 Mar 12 02:18 random_seed
-rw------- 1 selinger selinger 1050 Jan 17 2004 secring.gpg
-rw------- 1 selinger selinger 1200 Apr 21 18:28 trustdb.gpg

There are two things about this that I think are improper:

(1) A printer driver such as hplip should not be updating my public key ring (pubring.gpg) and my trust database (trustdb.gpg), without asking my permission to do this. This feels like a Trojan horse. What business does hplip have to mess with my public key infrastructure? Why does it do this covertly? If hplip needs some public key to verify a cryptographic signature or something then it should be putting the key in a temporary location, not in the user's key ring.

(2) It is especially annoying that the generated pubring.gpg is owned by root. This makes it unusable by the user it belongs to, and also makes it harder to restore it to its original state.

Please fix! Thanks, -- Peter