> Does Parabola have some sort of keyring that all the upstream keys go
> into? Or did I misinterpret your suggestion? I'm not familiar with the
> Parabola package management system.

No, Parabola does not collect upstream keys into any centralized keyring.

When you are building a package from source, the Parabola build system
verifies the GPG signature of the source archive if the developer's key
is in your keyring. Else, it raises an error and asks you to get the
required key manually. There is also an option that tells the build
system to automatically fetch the key if it is not in your keyring.