bad security practice
When using the debian repository of Gajim, user is advised to use the GPG key from the same repository (http://gajim.org/downloads.php says "You can get the GPG key of this package by installing gajim-dev-keyring package from the same repository."). this is really bad security practice, you should at least offer the key file / fingerprint from a separate web server. ''-- Ge0rG , Tuesday, November 05, 2013.