On Wed, May 20, 2009 at 07:43:53PM +1000, Ben Finney wrote: > Jonathan McDowell <noodles@earth.li> writes: > > * Replacement of the old key with the new one should not cause any > > other key to no longer be in Debian's Web of Trust nor strongly > > connected subset. > > Is there a simple way of checking whether this is true for a given key? > > > * Replacement of the old key with the new one should not cause a > > significant weakening of Debian's Web of Trust. I don't have exact > > figures for this at present, but it'll be based on the Betweenness > > Centrality and mean-minimum-distance calculations most probably. > > Is there a simple way of getting a metric of this for a given key? The "easiest" way is probably to install the signing-party package and then use keyanalyze: rsync -az --progress keyring.debian.org::keyrings/keyrings/debian-keyring.gpg \ ./debian-keyring.gpg gpg --no-default-keyring --keyring ./debian-keyring.gpg \ --delete-key <old-key> gpg --no-default-keyring --keyring ./debian-keyring.gpg \ --import <new-key> pgpring -S -k debian-keyring.gpg | process_keys > preprocess.keys keyanalyze and then you should have an output/ directory. status.txt has the reachable/strongly connected set sizes at the bottom. other.txt will show you the average MSD. Historic stats for the debian-keyring are at: http://keyring.debian.org/stats/ if you want to compare (2009-05-06 is what you'll get from the above rsync at present). cwot isn't currently packaged, it might possibly be a useful addition to signing-party. J. -- Don't hit the keys so hard, it hurts.
Attachment:
signature.asc
Description: Digital signature