Comment 9 for bug 1649097

I am closing this bug report as there is no actionable item.

As mentioned above, source packages are verified using the Ubuntu archive key, not by using the developer's signature.