How do we know that these latest announcements have really come from Debian?
(I'm asking out of genuine ignorance, and I expect that that is probably a very dumb question,
and that there's a simple answer. But consider, with --paranoia=max, what would you do if you
wanted to attack a massive organization like Debian? Forge some emails, claiming that all of
the keys with which DDs are familiar (recognizing fingerprints and such like) are now