split key blacklists into separate artifact

Description

Some large resource files representing RSA key blacklists for things like the Debian weak keys were added as part of MDA-69. The reasoning for this was that the Debian weak keys were the primary use case for that stage, so not including the static blacklists was just putting users of the stage to more trouble.

I still think that reasoning is valid, but the resources are quite large. The aggregator-pipeline artifact has grown from about 150KB in v0.8.0 to over 13MB in v0.9.0, so the resources are probably about 98% of the new artifact. It might therefore make sense to bundle the resources (but not the stage) into a separate artifact so that someone deploying in a scenario which doesn't require them doesn't have to include them.

We're a bit late in the cycle for this to be done as part of v0.9.0, so it should probably be done in v0.10.0. I'd actually be happy to bend the rules and do it for a v0.9.1 if we ended up doing that for some other reason.

Environment

None

Activity

Ian Young, April 21, 2023 at 4:07 PM

Rework into two artifacts, with new package names, is commit bde2a658904bb644c874d03a544425b7920e3bc3.

Ian Young, April 21, 2023 at 11:46 AM

Per https://shibboleth.atlassian.net/browse/MDA-266 (reopened), there should be two artifacts, one for legacy RSA keys with moduli under 2048 bits, and one for modern RSA keys.

Done

Details

Created December 17, 2015 at 10:56 AM
Updated May 16, 2024 at 12:22 PM
Resolved April 26, 2017 at 2:58 PM