Update keyring file

Athos Ribeirorequested to merge
athos/squid:update-keyiring into master

The squid upstream project hosts its keyring at squid-cache.org/pgp.asc. The latest tarballs for squid 6.10 are no longer being signed by the (only) key in the keyring in d/u/signing-key.asc. Let's update that keyring to include the following key:

28F8 5029 FEF6 E865 "Francesco Chemolli (code signing key) kinkie@squid-cache.org"

This key is available at the upstream keyring and is signed by the previous key included in this keyring.

Note that, although a uscan --download-current does fetch the correct source tarball from the upstream project and reports a good signature from the key above, checking the current tarball in the archive (e.g., with gpgv) will report a bad signature from that key. This happens because the upstream tarball was re-packed and the checksums changed. Also note that the only differences between the "good" and the "bad" signed tarballs are file ownership which changed due to repacking it.

Merge request reports