Bug#824038: PGP keyring maintenance is unclear about further references and updates

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#824038: PGP keyring maintenance is unclear about further references and updates
From: Antoine Beaupré <anarcat@debian.org>
Date: Wed, 11 May 2016 11:35:17 -0400
Message-id: <[🔎] 20160511153517.14448.49642.reportbug@angela.anarc.at>
Reply-to: Antoine Beaupré <anarcat@debian.org>, 824038@bugs.debian.org

Source: developers-reference
Severity: normal
Tags: patch

I was trying to figure out how to update keys in the debian keyring,
specifically after expiry. I read what seemed to be the right section
to me here:

https://www.debian.org/doc/manuals/developers-reference/ch03.en.html#key-maint

But this refers mostly to complete replacements, and not updates:

http://keyring.debian.org/replacing_keys.html

It also refers to "the documentation of the debian-keyring package"
without any direct link or more clearer reference. After looking at
the debian-keyring git repository, I suppose this could be construed
as the documentation:

https://anonscm.debian.org/cgit/keyring/keyring.git/tree/cheatsheets/keyring

... but it's not installed as part of the debian-keyring package, so
I'm not sure what to do with that.

It turns out that the keyring site has all the answers I needed,
namely that you just push your keys to the keyserver and updates are
processed once a month:

http://keyring.debian.org/

So the first patch I would suggest is:

diff --git a/developer-duties.dbk b/developer-duties.dbk
index 1b5643f..389cba3 100644
--- a/developer-duties.dbk
+++ b/developer-duties.dbk
@@ -172,7 +172,8 @@ apply.
 <para>
 You can find a more in-depth discussion of Debian key maintenance in the
 documentation of the <systemitem role="package">debian-keyring</systemitem>
-package.
+package and the <ulink
+url="http://&keyserver-host;/";>http://&keyserver-host;/</ulink> site.
 </para>
 </section>
 
to clearly link to that host.

Then the following patch imports that critical part of the keyring
page:

--- a/developer-duties.dbk
+++ b/developer-duties.dbk
@@ -155,7 +155,9 @@ lost.
 <para>
 If you add signatures to your public key, or add user identities, you can
 update the Debian key ring by sending your key to the key server at
-<literal>&keyserver-host;</literal>.
+<literal>&keyserver-host;</literal>. Updates are processed at least
+once a month by the <systemitem
+role="package">debian-keyring</systemitem> package maintainers.
 </para>
 <para>
 If you need to add a completely new key or remove an old key, you need to get

One has to wonder why we have that duplication - wouldn't it be better
for the debian-keyring folks to maintain their stuff directly in the
devel-ref and point their docs here?

-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (1, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Prev by Date: [developers-reference] branch master updated (5393ab0 -> 9bb10f0)
Next by Date: Bug#807742: developer-reference: Italian Translation
Previous by thread: [developers-reference] 01/01: rephrase to be less inviting to send private mails (instead of using established channels)
Next by thread: Bug#807742: developer-reference: Italian Translation
Index(es):
- Date
- Thread