for the last month (v6.6.0 and v6.7.0) libvirt has been released with a new key 453B65310595562855471199CA68BE8010084C9C (first seen:2020-07-20). It hasn't been signed or verified by any other source in libvirt / redhat yet. https://www.redhat.com/archives/libvirt-announce/2020-July/m...

That is preventing downstream distros, like arch, from admitting these new releases into their package repos.

Critical infrastructure, indeed.