Product update/create calls not checking for gpg keys correctly
It is possible via hammer to associate gpg key belonging to a different org to product. This needs to be fixed.
Fixes #6027 - Made product gpg update more secure
It is possible via api to associate gpg key belonging to a different
org to product.
This commit checks for gpg key readable + gpg key org association before
accepting the provided gpg key.