Comment 7 for bug 1331914

I think the first step is working out the database, webapp model, and archive publisher changes needed to have archives signed with more than one key. Once that's in place, we'd need some webservice and/or web UI methods to manage the set of keys in use.

There's probably no way around the fact that any key transition is going to be rough for some clients, though it might be worth somebody looking at whether anything can be done client-side: for example, given that software-properties knows how to add the key used to sign a PPA at the moment on the basis of knowing how to communicate securely with Launchpad, something in that area could potentially help out with key transitions in a similar way.