It would affect people who were not allowed to work because their company was not sure if they are allowed to work in New Zealand. At individuals level sure, this is going to have little to no effect.
But - lot of people need their employers permission to work in a different country and Employers have specific policies about where an Employee is allowed to work depending on Employee's status in that country.
Say I already trust packages.redhat.com and install rpms regularly from it. I likely already have trusted their key.
Now packages.redhat.com gets hacked - if hacker also stole private key used for signing packages and replaced the RPMs. I will get warning/error while installing rpms (which I admit most users will ignore) but a curl|bash kinda defeats the point of package signing too.