http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/long-wiki-edits-thread/3477/1538
So, Bob has certified the Tails signing key as actually belonging to Tails. In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key without the need to rely on certificate authorities. If you are on Debian, Ubuntu, or Linux Mint, you can install the debian-keyring package which contains the OpenPGP keys of all Debian developers.