This is a (mostly) solved problem in Linux. Your package manager has a central repo, but can also have 3rd-party repos added. You'd add the Matrix repo and it would automatically update it with everything else. It means everything still gets updated and verified against the keyring.