On Wed, Mar 23, 2022 at 12:22:09AM -0400, Theodore Ts'o wrote:
> Apologies for this administrative question, but we have a couple of
> votes active at the moment, and so inquiring minds want to know.
>
> Due to an oversight, I managed to forget to update my GPG subkey's
> expiration date. I've since fixed it, and uploaded it to
> keyring.debian.org, but there's the usual month lag before it the
> keyring package gets updated. Where does the Debian voting software
> get the keyring which it uses for checking GPG keyrings?
>
> Does it do a gpg --recv-key from keyring.debian.org? (Which has the
> updated expiration date for my keys)
>
> Does it do a finger USERNAME/k...@db.debian.org? (Which has not been
> updated)
>
> Or does it do something else?
DSA has a copy of the keyring on /srv/keyring.debian.org/keyrings/, and
devotee updates from that using cron.
The keyring in /srv/keyring.debian.org/keyrings/ is only updated when
the keyring maintainers update the keyring, which as you say happens
once a month. As far as I know, it's the keyring maintainers' local copy
that gets distributed to the machines, not the uploaded version.
The keyring maintainers plan to update it tomorrow.
Kurt
