Whats the difference between xamarin.gpg and mono-official-archive-keyring.gpg when using a linux apt repository?

[Danrancan]

I'm running Ubuntu Server on a Raspberry Pi 4.

On the mono project website it says you can add an apt repository with the following instructions using the mono-official-archive-keyring.gpg:

sudo apt install ca-certificates gnupg
sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
sudo apt update

What is the difference between using these recommended instructions with the mono-official-archive-keyring.gpg, and using the below instructions with the xamarin.gpg key?

wget -O - https://download.mono-project.com/repo/xamarin.gpg | gpg --dearmor | sudo tee /etc/apt/keyrings/xamarin-mono-archive.gpg >/dev/null
echo "deb [signed-by=/etc/apt/keyrings/xamarin-mono-archive.gpg]  https://download.mono-project.com/repo/ubuntu stable-focal main" \
  | sudo tee /etc/apt/sources.list.d/mono-official-stable.list

Why would I use the xamarin.gpg key and those instructions, and whats the difference between that gpg key and the mono-official-archive-keyring.gpg key and it's corresponding instructions? Which one should I use? Please let me know if you can.

[akoeplinger]

There's no difference really, with the first method you're fetching the key from keyserver.ubuntu.com and with the second you're downloading it from download.mono-project.com. Theoretically the first is better since if someone compromises download.mono-project.com they could replace both xamarin.gpg and the binaries.