FWIW I don't understand how InRelease support in debootstrap requires any changes to gpg-related udebs in d-i. If debootstrap is currently throwing a signature verification error in d-i, that means it has some way of verifying signatures... which means it has gpg support. Why does a change to *which* file we're verifying (InRelease, vs. Release{.gpg}) imply having to add new gpg udebs?
FWIW I don't understand how InRelease support in debootstrap requires any changes to gpg-related udebs in d-i. If debootstrap is currently throwing a signature verification error in d-i, that means it has some way of verifying signatures... which means it has gpg support. Why does a change to *which* file we're verifying (InRelease, vs. Release{.gpg}) imply having to add new gpg udebs?