Re: Question about voting when the key on the debian keyring is expired...

[Kurt Roeckx <kurt@roeckx.be>]

On Wed, Mar 23, 2022 at 12:22:09AM -0400, Theodore Ts'o wrote:
> Apologies for this administrative question, but we have a couple of
> votes active at the moment, and so inquiring minds want to know.
> 
> Due to an oversight, I managed to forget to update my GPG subkey's
> expiration date.  I've since fixed it, and uploaded it to
> keyring.debian.org, but there's the usual month lag before it the
> keyring package gets updated.  Where does the Debian voting software
> get the keyring which it uses for checking GPG keyrings?
> 
> Does it do a gpg --recv-key from keyring.debian.org?  (Which has the
> updated expiration date for my keys)
> 
> Does it do a finger USERNAME/key@db.debian.org?  (Which has not been
> updated)
> 
> Or does it do something else?

DSA has a copy of the keyring on /srv/keyring.debian.org/keyrings/, and
devotee updates from that using cron.

The keyring in /srv/keyring.debian.org/keyrings/ is only updated when
the keyring maintainers update the keyring, which as you say happens
once a month. As far as I know, it's the keyring maintainers' local copy
that gets distributed to the machines, not the uploaded version.

The keyring maintainers plan to update it tomorrow.


Kurt