I'm not sure what the right list is for posting suggestions...
But is there any chance for a gnupg/pgp keysigning party?
(I'm hoping that one day I can download a package and not get the
error "This key is not certified with a trusted signature! There is
no indication that the signature belongs to the owner".)