[Not] including upstream keyrings

We should have a coherent policy for upstream keyrings. Currently we have all of the Debian keyrings in our repository except the debian-edu ones, and all of Ubuntu's keyrings except ubuntu-keyring. We even install ubuntukylin-keyring by default (I'm pretty sure that's a bug). One argument that has been given here for excluding ubuntu-keyring is that it "is used to install/verify non-free packages", but you can apply that argument to all of the other upstream keyrings we do include. We should either include all of the upstream keyrings or exclude them all. What do you all think?