@fepitre I opened an issue on the Heads side with the goal of potentially including the QubesOS 4.1 fepitre-bot public distro signing key among the distro signing keys Heads supports here.
As you might know, Heads permits verifying an ISO when an accompanying detached ISO signature is provided alongside it, as long as Heads has the corresponding distro signing public key fused inside of the ROM.
Here, whether under debian-10 or Heads, importing the fepitre-bot distro public signing key results in:
```
user@x230-master:~/heads$ gpg --import initrd/etc/distro/keys/qubes-testing.key
gpg: key 656946BA873DDEC1: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
user@x230-master:~/heads$ gpg --version
gpg (GnuPG) 2.2.12
```
Consequently, I cannot distribute keys.openpgp.org under Heads to facilitate QubesOS ISO testing.
Not the end of the world. Heads users can still `gpg --detach-sign` with their own keypair and validate the detached signature produced against their public key fused inside of the ROM, but the whole concept of being able to import the public distro key of fepitre-bot to validate detached signatures of ISOs seems to not work correctly here.
Advice? Possibility of renewing that public distro-key with a valid user ID?
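
An added example, not part of the comment above and not Heads or Qubes code: a check that a key file contains a User ID packet before it is committed to a key directory, which is the condition behind gpg's "contains no user ID" message in the session above. The sample byte strings are constructed with dummy key bodies, and the function names are this example's own.

```python
import base64

TAG_USER_ID = 13  # RFC 4880 packet tag for a User ID packet

def dearmor(data: bytes) -> bytes:
    """Return binary packets, decoding ASCII armor if present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [l.strip() for l in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]      # drop armor headers, END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))

def packets(data: bytes):
    """Yield (tag, body) per OpenPGP packet header rules, RFC 4880 sec. 4.2."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                length = len(data) - i          # indeterminate: to end of data
            else:
                n = 1 << ltype                  # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def user_ids(key: bytes) -> list:
    """User ID strings in a key blob; an empty list is the 'no user ID' case."""
    return [b.decode("utf-8", "replace") for t, b in packets(dearmor(key)) if t == TAG_USER_ID]

# Constructed samples (dummy bodies, not real keys): key packet alone, then with a User ID.
UID = b"Example Signer <signer@example.invalid>"
STRIPPED = bytes([0x98, 3]) + b"\x04\x00\x00"          # old format, tag 6
WITH_UID = STRIPPED + bytes([0xCD, len(UID)]) + UID    # new format, tag 13

if __name__ == "__main__":
    print({"stripped": user_ids(STRIPPED), "with uid": user_ids(WITH_UID)})
```

To check a real file, pass its contents as `user_ids(open(path, "rb").read())`; an empty list means the file has no User ID packet.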