Code review comment for lp:~thomir-deactivatedaccount/canonical-identity-provider/trunk-add-gpg-key-management

Thomi Richards (thomir-deactivatedaccount) wrote :

Just a note about translating the validation phrase: After talking to William about this, there are valid security concerns about not making this translatable.

An attacker could, for example, submit a translation that happened to match some signed text they'd received (in an email, perhaps) from a key they want to claim as their own.

I'd hope that we have something like reviews of translation messages, but I can easily imagine how such a change might get lost in the noise.

We might want to translate this in the future, but we should think very carefully about how we do this in a safe, secure manner.
