CAL Archive-Signing GPG Key

Software installed on the Configured Workstations and CAL Servers should be checked for validity before it is installed.

The simplest way to do this on a debian-based system is to use GPG-signed APT repositories. CAL will maintain its own GPG key for the purposes of maintaining an archive and signing other individual packages or changelogs.