We started signing repositories with our new key, added via !682 (merged).
I'm not doing this for
stable because this would require bumping APT snapshots, which requires more QA, and the old key expires on May 7 so this would only make a difference for the first few days of 4.30 lifetime.
I'm doing this for
testing, even though that's mostly useless, to give us greater chances to spot trouble with this migration ASAP.