Comment 5 for bug 410745

> Do you want me to do any checking before signing this key, or just go ahead and sign it now?

That wasn't meant to be as sarcastic as it may sound.

I can see that there is an apparent lack of security through the key being signed only by some random guy, and that it might be assuaged by the key having been signed by some developers.

On the other hand I am not convinced that's actually providing much more real security, and it may be papering over a problem in PPAs that would be better handled over there.