Debian keyring analysis
I was bored at work today, and wrote a quick-and-dirty Python script for
analyzing the Debian keyrings. Specifically, I wanted to know how
strongly connected the keys in Debian's keyring are. A strongly
connected set of keys is such where all keys in the set are reachable
via signatures from all other keys in the set. Thus, if A signs B, and B
signs A and C, but C doesn't sign anything, then A and B form a strongly
connected set (A is reachable from B and B is reachable from A), but C
is not included in that set (C is reachable from B, but not vice versa).
Anyway, according to this version of the script, we have one large
strongly connected set (769 keys), a few smaller ones, and 487 single,
unconnected keys:
sets keys in set
487 1
14 2
2 3
1 4
2 5
1 7
1 769
I'm not sure these results are useful, but it might be worthwhile to
think about whether more keys should be in the strongly connected set.
I'm sure many of them could be strongly connected with little effort.
For example, my new key is signed by my old key which used to be in the
keyring, but since the old key has been removed there is now no strong
connection between my new key and the big strong group. (I'll rectify
this by signing Richard Braakman's key, or something.)
Script and results are at http://liw.iki.fi/liw/temp/keyring/
The keyrings were fetched via rsync from keyring.debian.org today.
Reply to: