> Probably you are thinking there should be a text file in your home where you could add new signatures to be used, but that could be a security issue, so it probably needs to be something more safe. Was any serious patch sent to improve this, and was it rejected, or why do we expect Canonical to prioritize this over other issues?
If someone can replace that text file, they can replace the binary the key is compiled into.
Apt has utilities for managing keys. You could keep it simple with a plain text file that anyone can read and write, but some dude can paste the wrong thing and corrupt the file, or you need to update the format and old scripts would corrupt the file, etc. It can be done, but as a developer I put constant numbers and paths in my code because there is not enough of a reason to justify the effort to save these values somewhere else. From the article it seems that there is not enough interest from distributions to have their own app store, so there is no justification to prioritize this feature over other ones.