Thank you for sharing this.  I'm afraid I'm not familiar with the debian dev process to look this up: do you know what avenues will be available for debian users to verify public keys?  Will there be signatures on the keyrings?