I glanced through https://news.ycombinator.com/item?id=27586146 which has
some dialog with a Debian supporter of the new non-PGP system.

The plan appears to be to store the new keys in files (e.g. installation
media) that are still PGP-signed (not certain) at this point, since the
change is only for apt and not media images.

So things can still be verified fully using the web of trust, but the
process for doing that is still an obscure and bloated one without tooling.
