Not sure if this is the right place to post it, but I wanted to higlight that the Debian repo instructions (https://www.postgresql.org/download/linux/debian/) need updating to bring them inline with Debian best practices. As per https://wiki.debian.org/DebianRepository/UseThirdParty: "The key MUST be downloaded over a secure mechanism like HTTPS to a location only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint." This is actually doubly important because bullseye is the final Debian release to ship apt-key.
