BTW, manual update signature verification is error-prone and likely many people forget it/do not do so. It would be better to automate that, on Linux with LVFS, which provides a much more seaming-less solution:
