This code is still fundamentally wrong (assuming unknown UIDs are DDs is
idiotic; of course we know that the keys have had to pass the sig check
against the keyring so it's not a security issue thankfully; it just
might give a one shot limited window for DMs to upload non-DM packages)