Weeded out all remaining 3rd-party trusted keys from the apt-key keyring on my Debian machine, moved still relevants (3) to /usr/share/keyrings/ and added them as proper [signed-by=/usr/share/keyrings/...] tag to their /etc/apt/sources.list.d/* files. A thing long overdue. "Trusting" one repository doesn't mean to trust the same key for other repositories as well.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!