The alert key posed problems because it was part of the protocol. Dev GPG key verification can be done wholly client-side and could even be set to trust only developers X and Y, or what have you. Set the sites you want to check for updates, and set the keys you need to verify a binary. There would probably be some simple protocol that allows a high-priority message to be sent to the user. No one has much control over this situation except the user, and who owns which keys is irrelevant as long as they aren't all compromised.
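An added example of the client-side policy sketched in this post, written for this page rather than taken from Bitcoin or any existing client. It assumes Ed25519 keys as a stand-in for the developers' GPG keys (so it runs with Go's standard library alone), a user-configured list of update sites and trusted developer keys, and a required count of distinct signers, so that one compromised developer key is not enough to push a binary or a high-priority message. The update URL, developer names and payload bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Domain-separation tags: a signature over a release must not be
// replayable as a high-priority message, or vice versa.
const (
	releaseTag = "release-v1\x00"
	messageTag = "priority-message-v1\x00"
)

// Developer is one signer. The private half exists only so this demo can
// produce signatures; a client holds public keys only. Ed25519 stands in
// for the GPG keys discussed in the thread (assumption for this example).
type Developer struct {
	Name string
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

// Signature is a detached signature attributed to a named developer.
type Signature struct {
	Signer string
	Sig    []byte
}

// TrustPolicy is the user's own configuration: where to look for updates
// and which developer keys must sign before anything is accepted.
type TrustPolicy struct {
	UpdateSites  []string
	TrustedKeys  map[string]ed25519.PublicKey // developer name -> public key
	RequiredSigs int                          // distinct trusted signers needed
}

func NewDeveloper(name string) Developer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Developer{Name: name, Pub: pub, Priv: priv}
}

// NewPolicy trusts exactly the given developers and requires `required`
// distinct signatures from among them.
func NewPolicy(required int, sites []string, devs ...Developer) TrustPolicy {
	p := TrustPolicy{UpdateSites: sites, TrustedKeys: map[string]ed25519.PublicKey{}, RequiredSigs: required}
	for _, d := range devs {
		p.TrustedKeys[d.Name] = d.Pub
	}
	return p
}

// signingInput binds the payload to its purpose before it is signed.
func signingInput(tag string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(tag))
	h.Write(payload)
	return h.Sum(nil)
}

func sign(d Developer, tag string, payload []byte) Signature {
	return Signature{Signer: d.Name, Sig: ed25519.Sign(d.Priv, signingInput(tag, payload))}
}

func SignRelease(d Developer, binary []byte) Signature { return sign(d, releaseTag, binary) }
func SignMessage(d Developer, text []byte) Signature   { return sign(d, messageTag, text) }

// verify counts distinct trusted developers whose signatures check out.
// Unknown and repeated signers are skipped, so one compromised key
// presented many times still counts only once.
func verify(p TrustPolicy, tag string, payload []byte, sigs []Signature) ([]string, error) {
	input := signingInput(tag, payload)
	seen := map[string]bool{}
	var signers []string
	for _, s := range sigs {
		pub, trusted := p.TrustedKeys[s.Signer]
		if !trusted || seen[s.Signer] {
			continue
		}
		if ed25519.Verify(pub, input, s.Sig) {
			seen[s.Signer] = true
			signers = append(signers, s.Signer)
		}
	}
	if len(signers) < p.RequiredSigs {
		return signers, fmt.Errorf("%d of %d required trusted signatures verified", len(signers), p.RequiredSigs)
	}
	return signers, nil
}

// VerifyRelease accepts a downloaded binary only under the user's policy.
func VerifyRelease(p TrustPolicy, binary []byte, sigs []Signature) ([]string, error) {
	return verify(p, releaseTag, binary, sigs)
}

// VerifyMessage applies the same policy to a high-priority developer message.
func VerifyMessage(p TrustPolicy, text []byte, sigs []Signature) ([]string, error) {
	return verify(p, messageTag, text, sigs)
}

func main() {
	x, y := NewDeveloper("X"), NewDeveloper("Y")
	policy := NewPolicy(2, []string{"https://updates.example.invalid/"}, x, y) // constructed site
	binary := []byte("constructed release bytes")
	_, err := VerifyRelease(policy, binary, []Signature{SignRelease(x, binary), SignRelease(y, binary)})
	fmt.Println("X and Y signed:", err)
	_, err = VerifyRelease(policy, binary, []Signature{SignRelease(x, binary), SignRelease(x, binary)})
	fmt.Println("only X, presented twice:", err)
}
```

The policy lives entirely in the client's configuration: the server that hosts the binary never decides what counts as trusted, and a signature from a developer the user did not list is simply ignored. The tag mixed into the signing input is the check a practitioner wants here: without it, a signature a developer legitimately made over a release could be replayed by whoever controls an update site as a "high-priority message" over the same bytes.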