Curl | sudo bash is insecure as it still uses legacy trusted.gpg keyring

the script contains calls to apt-key which is a security vulnerability vector. apt-add-repository will no longer work either as it doesnt support the signed-by syntax.

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
W: ht tp:// Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

see What commands (exactly) should replace the deprecated apt-key? - Ask Ubuntu

we want to do something like this instead

curl -sS htt ps:// | sudo gpg --dearmor --output /usr/share/keyrings/zerotier-archive-keyring.gpg

create a /etc/apt/sources.list.d/zerotier.list with
deb [arch=amd64 signed-by=/usr/share/keyrings/zerotier-archive-keyring.gpg] htt
ps:// stable main