Exactly. It was a bold and necessary move to defend the users and the project. Some users got bricked OSes, but had he handed over the keys it would have put those users at risk and would have destroyed the credibility of the project. Also, and as from what I understood from the GOS response he was not an employee of the company and had the ownership of his OS, and CopperOS would have been able to use their own signing keys but they never did which is strange, so even legally it looks like a "level-headed" response.