Although it is not mandatory to have two keys for a repository, it is easy to recover if the primary key is deleted, we can still sign the packages using the secondary key. The secondary key just acts as a backup key.
From the rpm/debian repository configuration section, we will be able to assign the GPG keys to the repository and we need to make sure the (debian/rpm) clients are configured accordingly.
From the rpm/debian repository configuration section, we will be able to assign the GPG keys to the repository and we need to make sure the (debian/rpm) clients are configured accordingly.