I'm fine with the signed-keyring-file approach too, although I haven't confirmed that there are no attacks possible on the code used to verify *that* signature.
I'm fine with the signed-keyring-file approach too, although I haven't confirmed that there are no attacks possible on the code used to verify *that* signature.