Instead of relying on potentially compromised GitHub keys, use official channels provided by Broadcom: