My point was that Debian, etc. as conceptually distinct organizations, and so there’s no point in centralizing beyond their organizational boundaries. Each already performs centralized key management, but nobody would particularly benefit from a single global keyring for all Linux distributions, because nobody (?) is transferring package formats across distribution families.
My point was that Debian, etc. as conceptually distinct organizations, and so there’s no point in centralizing beyond their organizational boundaries. Each already performs centralized key management, but nobody would particularly benefit from a single global keyring for all Linux distributions, because nobody (?) is transferring package formats across distribution families.