We are again upon the brink of the ROS signing key expiration (June 1st) and from the Infrastructure PMC we are happy to announce a new package for ROS key and repository management.
The set of packages ros-apt-source and ros2-apt-source for Ubuntu and ros2-release for RHEL provide both the signing key and the repository configuration for ROS and ROS 2 
.
This a big step towards a simpler key update path allowing the ROS project to rotate keys while keeping ROS users in sync as long as the they keep their system up to date! From a security stand-point, having the ability to rotate keys without breaking ROS users has been a longtime goal for the Infrastructure PMC and this is the first step towards it.
The are two flavors of the package for Ubuntu/Debian distributions:
ros-apt-sourceandros2-apt-source: provides key and repository configuration for ROS and ROS 2 main repositories correspondingly.ros-testing-apt-sourceandros2-testing-apt-source: provides key and repository configuration for ROS and ROS 2 testing repositories correspondingly.
For RHEL there is a single package ros2-release that configures both main and testing repositories and enables the main repository as the default behavior.
The migration guide can be found here.