I guess unman is not anonymous but pseudonymous, which does allow to build trust by spreading the public key over his messages around the web. It seems to me it’s done well and the trust is there in this particular case, just like with Qubes OS itself.
You are making this personal. I am trying to illustrate a principle. - It doesn’t matter who your proxy is and how reputed he is. Nice guys also get hacked, monitored, laptops get stolen etc. What matters is what the consequences of exposing your identity are.
Validating the key for the Qubes ISO is different - the project is not anonymous and validating the key does not require to establish communication with a specific entity.