Our Debian and Ubuntu installation instructions currently tell people to download keys based on their 32-bit key id.

Key servers will serve the latest key matching the requested key id, and it is trivial to create key id collisions.

I don't know if this would be an issue in practice, but let's just switch to the full GPG key fingerprint if possible.