Split from T180615. Apparently someone suggested this on #mediawiki_security. We already have a key like this for the parsoid debian repository hosted on releases.wikimedia.org.
We currently need to sign:
- release tarballs and patch files
- git tags
- announcement emails
Discuss.