I am not sure if I am mixing up stories or whatever, but isn't part of the problem that it is not straight-forward to simply use a new key? Don't the new keys have to be signed by n existing developers or something like that? If this is not the case, then what is stopping people from creating a new key? -- Daniel Devine