
Use hkps by default

Open dilyn-corner opened this issue 4 months ago • 4 comments

https://github.com/canonical/snapcraft/blob/df4ec6775a28d4a345c93d9f83a1193c0abc1c9d/snapcraft_legacy/internal/repo/apt_key_manager.py#L148-L149

I think there are some circumstances where networks may fail to fetch a key unless hkps:// is specified instead of the (presumed, usually working) https://.

There's at least one observed instance where specifying the keyserver as hkps://keyserver.ubuntu.com instead of just keyserver.ubuntu.com resulted in a successful key fetch instead of the error being hit previously (something about "unable to fetch GPG key").

While technically hkps is served over port 443 like https, it's possible that some networking setups may not like this.

This is largely speculation on my part, but from what I've seen it appears to be good practice to specify hkps.

This may also impact craft-archives here https://github.com/canonical/craft-archives/blob/92c37a25d8efa7136223222d30043bf3e8d3fd12/craft_archives/repo/apt_key_manager.py#L301

I'm uncertain if this is better off as a code change or a documentation update. It's probably easier in the documentation to explain that if a GPG key fetch error happens, specifying key-server: hkps://keyserver.ubuntu.com or the like may resolve the issue - @medubelko this kind of hits on https://github.com/canonical/craft-archives/issues/190, although some things may be hard-coded...

dilyn-corner, Aug 20 '25 21:08
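The code-change option raised in the issue, sketched as an added example that is not snapcraft's or craft-archives' own code: a bare key server host is given an explicit hkps:// scheme, while a scheme the user wrote out is left alone. The function names, the scheme allow-list, the fingerprint check and the exact gpg argument list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Schemes accepted when the user spells one out (assumed allow-list).
ALLOWED_SCHEMES = {"hkp", "hkps", "http", "https"}
FINGERPRINT = re.compile(r"[0-9A-Fa-f]{40}")


def normalize_key_server(value: str) -> str:
    """Return a key server URI; a bare host (or host:port) becomes hkps://."""
    server = value.strip()
    if not server:
        raise ValueError("key server is empty")
    if "://" in server:
        scheme = urlsplit(server).scheme  # urlsplit lowercases the scheme
        if scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"unsupported key server scheme: {scheme!r}")
        return server  # an explicit scheme is the user's choice; keep it
    parts = urlsplit(f"//{server}")
    _ = parts.port  # raises ValueError on a non-numeric port such as "hkps:host"
    if not parts.hostname:
        raise ValueError(f"no host in key server: {value!r}")
    return f"hkps://{server}"


def recv_keys_command(key_id: str, key_server: str) -> list[str]:
    """Build the gpg argv (assumed invocation) for fetching one key."""
    if not FINGERPRINT.fullmatch(key_id):
        # Also stops a value starting with "-" being parsed as a gpg option.
        raise ValueError("key id must be a 40-character hex fingerprint")
    return ["gpg", "--keyserver", normalize_key_server(key_server),
            "--recv-keys", key_id]


if __name__ == "__main__":
    constructed_key_id = "0123456789ABCDEF0123456789ABCDEF01234567"  # not a real key
    for server in ("keyserver.ubuntu.com", "hkps://keyserver.ubuntu.com"):
        print(recv_keys_command(constructed_key_id, server))
```

Keeping an explicit hkp:// or http:// untouched means a user who deliberately chose an unencrypted key server is not silently overridden; only the unspecified case gets the TLS default.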