They are curated databases of trusted keys. If you have 60 apps installed, you don't have to trust that 60 different devs have propper opsec on their Github accounts. Instead you can delegate trust to a handful of parties that aggregated trusted keys.