https://bugs.winehq.org/show_bug.cgi?id=52439
--- Comment #8 from Osamu Aoki osamu.aoki@gmail.com --- Hi,
Sveinar, We are talking about cryptographic key mechanism which is used by the software package management tool APT during the normal package update. Without having public key installed in advance, the package installation of packages from wine-hq signed repo will be rejected by APT.
For Distribution itself, installer can by-pass this restriction for the public key file package during the initial installation.
Distribution's key file package can be updated as long as it is signed by a installed key. So something similar can be used to update the key file if wine-hq changes its public and secret key pair.
Cheers,
Osamu