Hi Fred,
…
I think it would be better to sign your archive instead.
With your modification, you would completely disable checking GPG signatures for every repository (who checks warnings?).
Sadly, the Debian wiki is full of outdated setups but I cannot find a stringent howto for setting up a trusted repo.
Reprepro seems like a possible way to go.
It overcomes another misfeature of these minimal repositories: You cannot pin packages to versions
of this repository but have to set them on hold, else you always risk getting packages from Debian proper.
My 2 cents
Michael