"how can anyone trust sources signed by an unsigned-gnupg-key committer? In 2024. Really?"
Poster would clearly prefer if some citizens of the Transnational Republic could have signed Jia Tan's keys. I understand that in 2006 this was good enough for 90% of Debian Developers surveyed. Really.