Leaps in logic to DRM and piracy aside, if you trust that you have the correct public key for a source, someone else's signature is not going to match the original key.
It's not much of a leap; both depend on trusting potentially attacker-controlled devices. If my sensor drone signs reports it sends back a remotely exploited drone could send back validly signed tampered data.
It's not a sheep vs. goats problem, where you just have to ID those bad machines and block them.
It's a defector problem. Any 'legitimate' machine can join a botnet at any moment, along with all the permissions and trust you vested it with back when you approved of whatever it was doing.