Maybe even rename torbutton.gpg to something that makes sense :D
Yes, we could rename that to something like tb-team.gpg.
Or something else we can do is having a separate .gpg file for each
member of the team, and then listing all members of the team in
gpg_keyring like this:
I think those separate keyrings would be useful for
tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
too (currently the script downloads the signatures, but doesn't verify the
signatures).
Also, I asked a few people to sign my public key in Ireland, so I'd prefer if we used a gpg file with more signatures in it (I'm still asking people to publish them).
Separate per-user keyrings does also make it a bit easier to have fine-tuned control over who can sign what, and makes the contents of the keyring a bit less opaque.