by willstrafach 3277 days ago
Their update signing is surely performed using an HSM with strict procedures for getting production builds signed, due to the exceptional sensitivity.

I think you might underestimate the gravity of such a thing happening; it would not be glossed over.

1 comments

What are the alternatives once an event occurs and Google/Microsoft/Red Hat/?? claim it was an accident outside of their control (possibly due to negligence)? Yes, outside experts will be investigating to the best of their ability and there will be a statement about what measures have been put in place to mitigate the issue in the future. But what else would happen?