
Re: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!



Vincent Danjean said [Tue, Mar 04, 2014 at 05:16:43PM +0100]:
> On 03/03/2014 19:13, Gunnar Wolf wrote:
> > If you have a key with not-so-many active DD signatures (with
> > not-so-many ≥ 2) waiting to get it more signed, stop waiting and
> > request the key replacement². 
> 
>   Is there a way to check this requirement? I've a 4096R key since
> 2010 that I had signed by various people. How can I count how many
> signatures have been done by people in the current Debian Keyring?
> Extra bonus if I can count signatures from the Debian keyring AND
> that will be kept here (i.e. with key >= 4096R)
>   If a gpg expert can give a small script to make these checks, it
> will be appreciated.

Just adding to the already-replied answer (keycheck.sh): We check
against the live keyring. This means, however, that if we have just
updated the key for DD X, and you have X's signature with the old key,
our scripts won't recognize it. Of course, it also means that if Y
signed you with a new key, and we have not yet processed Y's request,
his new key will not show up in our working tree :-|

...Which sucks, yes. But then again, we might reject your request as
it does not have enough signatures, then you tell us, "oh, but it
does!". We re-evaluate, and (hopefully!) everybody will be happy.
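
The check discussed in this thread, as an added example (it is not keycheck.sh and not keyring-maint's code): it counts signers of a key that appear in a reference keyring, separately counts those with keys of at least 4096 bits, and shows how a signature from a replaced old key or a not-yet-processed new key ends up uncounted. The function names, key IDs and both `gpg --with-colons` listings are constructed for illustration.

```python
# Added illustration; key IDs and listings below are constructed sample data.
MIN_BITS = 4096  # "key >= 4096R" from the question above

# Constructed `gpg --with-colons --list-keys` output for the reference keyring.
KEYRING = """\
pub:-:4096:1:CCCCCCCCCCCCCCC3:1300000000:::-:::scESC:
pub:-:1024:17:BBBBBBBBBBBBBBB2:1100000000:::-:::scESC:
pub:-:4096:1:AAAAAAAAAAAAAAA1:1390000000:::-:::scESC:
"""
# Constructed `gpg --with-colons --list-sigs` output for the key being checked.
SIGS = """\
pub:u:4096:1:1111111111111111:1280000000:::u:::scESC:
uid:u::::1280000000::::Me <me@example.org>:
sig:::1:1111111111111111:1280000000::::Me <me@example.org>:13x:
sig:::1:CCCCCCCCCCCCCCC3:1290000000::::DD Z <z@example.org>:10x:
sig:::17:BBBBBBBBBBBBBBB2:1290000000::::DD W <w@example.org>:10x:
sig:::17:DDDDDDDDDDDDDDD4:1290000000::::DD X (old key) <x@example.org>:10x:
sig:::1:EEEEEEEEEEEEEEE5:1393000000::::DD Y (new key) <y@example.org>:10x:
"""

def keyring_keys(listing):
    """Map primary key ID -> key length in bits, from `pub` records."""
    keys = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            keys[f[4]] = int(f[2])  # field 3 = length, field 5 = key ID
    return keys

def count_signers(sig_listing, keyring, min_bits=MIN_BITS):
    """Return (known, strong, unknown) sets of issuer key IDs.
    Matches issuer IDs only; it does not verify signatures cryptographically."""
    own, known, strong, unknown = None, set(), set(), set()
    for line in sig_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            own = f[4]
        elif f[0] == "sig" and len(f) > 4 and f[4] != own:  # skip self-sigs
            if f[4] in keyring:
                known.add(f[4])
                if keyring[f[4]] >= min_bits:
                    strong.add(f[4])
            else:
                unknown.add(f[4])  # e.g. X's old key, or Y's unprocessed new key
    return known, strong, unknown
```

In the sample, X's new key (AAAAAAAAAAAAAAA1) is in the keyring but the signature was made with X's old key, so it lands in `unknown` along with Y's new key; those are the cases the reply above says the scripts will miss.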

