We should have a coherent policy for upstream keyrings. Currently we have all
of the Debian keyrings in our repository except the debian-edu ones, and all
of Ubuntu's keyrings except ubuntu-keyring. We even install
ubuntukylin-keyring by default (I'm pretty sure that's a bug). One argument
that has been given here for excluding ubuntu-keyring is that it "is used to
install/verify non-free packages", but you can apply that argument to all of
the other upstream keyrings we do include. We should either include all of
the upstream keyrings or exclude them all. What do you all think?