We failed to convince gnome-software maintainer to do the same:
Well, actually I am more on the opposite side of you on this.
I am more like not wanting to updates so many packages for
current version, knowing that they will be overridden in the
upgrade to the next version.
Actually, thinking a bit more about this, I guess distributing the keys in a package might be wrong in the first place. I have rudimentary knowledge of symmetrical encryption, but isn't it more like the following for gpg for emails?:
Oh I need a key! Do I have it already? Yes... fine. No... download it from the public repository. Is the new key signed with the a key I have? If yes, add it to my list of keys. Else, probably should reject or ask someone who knows better... the user of the computer maybe.
Well... there is the problem of the initial key... maybe if I have no keys at all, I should accept the public key without asking.