I recall someone suggesting this a long time ago, and I (think I) also recall @marmarek doing it, but I can't find the original thread or issue, and I don't see the key in /etc/pki/rpm-gpg/.

qubes-core-vm provides /usr/share/qubes/qubes-master-key.asc in VMs, but providing it in dom0 too would help people who have their DVD writer attached to the same controller as their hard disk. They could burn a verified Qubes (and only Qubes) ISO in dom0 without breaking the security model.

This would be really nice to have in R3.2 about now. It makes the key verification a bit more secure, and helps users by removing several steps from the process. Even better if the R4.0 signing key is also included.

I think it makes sense to include the signing key for the next iteration in the current OS.

This issue is being closed because:

• This issue has the "Release 3.2 updates" milestone.
• Qubes OS 3.2 recently reached end-of-life (EOL).
• This issue has not been updated in over a year.

If anyone believes that this issue should be reopened, please let us know in a comment here.

@andrewdavidwong This doesn't seem related to a particular release.

Documented in Verifying Signatures. Related issue: #4292.