Comment 10 for bug 1016643

Michael Vogt (mvo) wrote :

Looking into this a bit I think we have various options:
- switch to hkps by default in apt-key for the keyserver requests in apt-key and refuse to do hkp
- change gnupg to reject if a downloaded key is of a different keyid than the requested key [1]
- add code to apt-key to check/fixup the command line in adv and download the keys to a temp keyring and check that before further importing
- fix softwareproperties/ppa.py only and download there using python-hkp or a custom implementation

Feedback welcome.

[1] This would be my preferred fix, it would involve adding a new "expected_keys" parameter to import_keys_stream() in g10/keyserver.c or a new "validate_expected_keys()" call or something.
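
The temp-keyring check from the third option in the comment above, as an added example that is not part of the original comment and is not apt-key, gnupg or softwareproperties code. It assumes the caller has already fetched the keys into a temporary keyring and listed it with `gpg --with-colons --fingerprint`; the function names are hypothetical and the sample listing is constructed.

```python
import re

# Constructed sample: what `gpg --with-colons --fingerprint` might list for a
# temporary keyring after a keyserver fetch that returned two primary keys.
SAMPLE_LISTING = """\
pub:-:4096:1:89ABCDEF01234567:1340000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1340000000::::Constructed requested key:
sub:-:4096:1:1111111111111111:1340000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:-:4096:1:76543210FEDCBA98:1340000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:-::::1340000000::::Constructed extra key:
"""

def normalize_key_id(key_id):
    """Return the id as upper-case hex without 0x; accept 8, 16 or 40 digits."""
    cleaned = key_id.replace(" ", "").upper()
    cleaned = cleaned[2:] if cleaned.startswith("0X") else cleaned
    if not re.fullmatch(r"(?:[0-9A-F]{8}|[0-9A-F]{16}|[0-9A-F]{40})", cleaned):
        raise ValueError("not a key id or fingerprint: %r" % key_id)
    return cleaned

def primary_fingerprints(colon_listing):
    """Fingerprints of primary keys only; subkey fpr records are skipped."""
    found, awaiting = [], False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            if awaiting:  # fail closed: a primary key without a fingerprint
                raise ValueError("pub record without fpr record")
            awaiting = fields[0] == "pub"
        elif fields[0] == "fpr" and awaiting and len(fields) > 9:
            found.append(fields[9].upper())
            awaiting = False
    if awaiting:
        raise ValueError("pub record without fpr record")
    return found

def unexpected_keys(colon_listing, requested_ids):
    """Primary keys in the temp keyring that nobody asked for."""
    wanted = [normalize_key_id(k) for k in requested_ids]
    # Assumes v4 keys, whose key id is the tail of the fingerprint. A full
    # 40-digit fingerprint is the strongest thing to request and compare.
    return [f for f in primary_fingerprints(colon_listing)
            if not any(f.endswith(w) for w in wanted)]

def safe_to_import(colon_listing, requested_ids):
    """True only if at least one key arrived and every key was requested."""
    return bool(primary_fingerprints(colon_listing)) and \
        not unexpected_keys(colon_listing, requested_ids)
```

Only when `safe_to_import` returns True would the temporary keyring be merged into the trusted one; an empty result or any extra primary key leaves the trusted keyring untouched.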