Source: developers-reference
Severity: normal
Tags: patch

I was trying to figure out how to update keys in the Debian keyring, specifically after expiry. I read what seemed to be the right section to me here:

https://www.debian.org/doc/manuals/developers-reference/ch03.en.html#key-maint

But this refers mostly to complete replacements, and not updates:

http://keyring.debian.org/replacing_keys.html

It also refers to "the documentation of the debian-keyring package" without any direct link or clearer reference. After looking at the debian-keyring git repository, I suppose this could be construed as the documentation:

https://anonscm.debian.org/cgit/keyring/keyring.git/tree/cheatsheets/keyring

... but it's not installed as part of the debian-keyring package, so I'm not sure what to do with that.

It turns out that the keyring site has all the answers I needed, namely that you just push your keys to the keyserver and updates are processed once a month:

http://keyring.debian.org/

So the first patch I would suggest is:

diff --git a/developer-duties.dbk b/developer-duties.dbk index 1b5643f..389cba3 100644 --- a/developer-duties.dbk +++ b/developer-duties.dbk @@ -172,7 +172,8 @@ apply. <para> You can find a more in-depth discussion of Debian key maintenance in the documentation of the <systemitem role="package">debian-keyring</systemitem> -package. +package and the <ulink +url="http://&keyserver-host;/">http://&keyserver-host;/</ulink> site. </para> </section>

to clearly link to that host. Then the following patch imports that critical part of the keyring page:

--- a/developer-duties.dbk +++ b/developer-duties.dbk
@@ -155,7 +155,9 @@ lost. <para> If you add signatures to your public key, or add user identities, you can update the Debian key ring by sending your key to the key server at -<literal>&keyserver-host;</literal>. +<literal>&keyserver-host;</literal>. Updates are processed at least +once a month by the <systemitem +role="package">debian-keyring</systemitem> package maintainers. </para> <para> If you need to add a completely new key or remove an old key, you need to get

One has to wonder why we have that duplication - wouldn't it be better for the debian-keyring folks to maintain their stuff directly in the devel-ref and point their docs here?

-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (1, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
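
Review bot: in the @@ -172,7 +172,8 @@ hunk, the added ulink builds a web address from &keyserver-host;, while the report names http://keyring.debian.org/ as the page that explains updates. The entity's value is not visible in this diff, so check that it expands to the keyring site before relying on it as a link target. The unchanged wording "the documentation of the debian-keyring package" also keeps the unlinked reference the report complains about; consider stating where that documentation can be found. If the site is served over HTTPS, the url attribute and the link text could use https://, since the page tells developers how to maintain their keys.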
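
Review bot: in the @@ -155,7 +155,9 @@ hunk, the context sentence still lists only "If you add signatures to your public key, or add user identities" as reasons to send the key to the key server, so the case that prompted the report, updating a key after expiry, is not named; suggest adding a changed expiry date to that sentence. The added text also says updates are processed "at least once a month" while the report's summary of the keyring site says "once a month", so the wording should be matched against the site before it is imported.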