[LONG SHOT] Modify backdoored ISO to trust malicious PGP keys

[hackers-terabit]

The title says it all, as far as I can tell, outside of the bsd's only rpm and deb distros have GPG signed hash/package-tree/package.

We can either insert an additional fully trusted fingerprint/key or find a collision with existing short fingerprints and try to mitm any HKP:// refreshes done.