allegedly, and from my perspective as a former calyxos employee (i do not represent them)...

the founder was the keeper of the signing keys, and has stated this publicly. when he separated from the institute (which is a whole other story), he didn't give the signing keys to the institute in a timely manner, if at all. although there was no evidence that the keys had been compromised or accessed from outside the organization, there *was* reason to believe that they had not always been handled in a secure manner (which is yet another whole other story). also, because these were key *files*, and probably not even protected by passphrases (but i don't know), copies were always *possible*.

the OS team decided to only release updates signed with *fully* trusted keys going forward, that were not subject to unauthorized copies. the OS team has been working on a hardware security module-based solution for signing. the exception to this was one last update to inform users about this situation, to the extent permitted by comms folks. this was facilitated by eventual cooperation from the founder.

that being said, i do not myself believe that there is any actual risk today associated with using a build signed with these older keys, apart from it not having the latest updates. but i also support switching to new keys that are better safeguarded, and i can't guarantee there wouldn't be a risk associated with these older keys in the future.

there is more to know as well, but too much to write here. still, it is false to say that the calyxos team doesn't want you to know this.

source: i worked on #calyxos while all this was happening. i no longer work for #calyx. and this is all just alleged, based on what i experienced and was told. i never signed an NDA 🙃