Note that SRUing debian-archive-keyring to xenial and earlier is hard,
because its keyring generation code relies on gpg features that were
added after bionic, and avoiding those features would break
reproducibility of the generated keyring files and invalidate the
signatures by Debian release
** Description changed:
While not necessarily a critical issue for the Ubuntu keyrings, as
Debian uses newer keys periodically, it becomes impossible with the
default keyrings to verify the latest Debian archive files.
It seems reasonable to ensure the keyring contents in all releases