Comment 4 for bug 125103

I agree with the point that forcing the user to acknowledge the risk is quite important...

However, I believe that this risk should/could be acknowledged when the user finds the repository and adds it to their sources.list. By adding this repository line and using packages from it, you are effectively trusting the gpg key on the launchpad profile?

So I think that the ppas should be signed with a single key.