Learning from our keyring: What do our PGP keys say about the project?

TitleLearning from our keyring: What do our PGP keys say about the project?
Publication TypeUnpublished
Year of Publication2016
AuthorsWolf G
Refereed DesignationNon-Refereed
Date Published07/2016
InstitutionDebConf 16
CityCape Town
Type of WorkPresentation

Since the keyring-maint team started aggressively pushing for the retirement of short, obsoleted PGP keys two years ago, I started trying to get the keyring to "spew" some interesting data for us. Besides just showing the evolution on the number of keys conforming to our current best-practices, I started looking at the ugly entanglement of our keyring's graphical representation, and started hypothetizing what caused certain patterns to appear in its evolution. I am currently starting to do some aging and vitality analysis on the signatures and the keys themselves.

The work I will be presenting is not likely to be a gamechanger for Debian, but it can be an entertaining way to understand social relationships in our project, and can lead us to understand some important turning points — maybe even forsee and prevent issues from arising at all.

Presentation (PDF)12.06 MB
Sources for the presentation (Emacs org-mode v7 ⇒ LaTeX Beamer)14.51 MB