Comment 9 for bug 1016643

We can't really use the traditional web of trust. I trust some Launchpad PPAs, but not others, so I can't just trust any key that Launchpad has signed. The only thing add-apt-repository could do is use a local key to automatically sign when someone requests that a new repository be added, which isn't much less messy than what we have today.