On Wed, Mar 23, 2022 at 12:22:09AM -0400, Theodore Ts'o wrote: > Apologies for this administrative question, but we have a couple of > votes active at the moment, and so inquiring minds want to know. > > Due to an oversight, I managed to forget to update my GPG subkey's > expiration date. I've since fixed it, and uploaded it to > keyring.debian.org, but there's the usual month lag before it the > keyring package gets updated. Where does the Debian voting software > get the keyring which it uses for checking GPG keyrings? > > Does it do a gpg --recv-key from keyring.debian.org? (Which has the > updated expiration date for my keys) > > Does it do a finger USERNAME/k...@db.debian.org? (Which has not been > updated) > > Or does it do something else?
DSA has a copy of the keyring on /srv/keyring.debian.org/keyrings/, and devotee updates from that using cron. The keyring in /srv/keyring.debian.org/keyrings/ is only updated when the keyring maintainers update the keyring, which as you say happens once a month. As far as I know, it's the keyring maintainers' local copy that gets distributed to the machines, not the uploaded version. The keyring maintainers plan to update it tomorrow. Kurt
