intrigeri authored
Release process: don't include revoked subkeys in the signing key downloaded by the Upgrader (refs: #17714)

All our Upgrader needs here is the set of current, valid signing subkeys: if the signature of the downloaded UDF is not a valid one done by one of those subkeys, then it'll abort. It does not matter why exactly that signature failed: it could be a missing subkey, a revoked one, an expired one, or a UDF provided by an attacker and signed with a totally different key. As long as the signature verification fails, we're good.

So let's not include revoked subkeys in that exported key, which every Upgrader downloads. In my tests, this shrinks that key from 13380 bytes down to 10349 bytes, i.e. 22% less. That's not much; it's minor polishing rather than a ground-breaking improvement, but still.

Note that the previous instructions already filtered out expired subkeys, which is good. This commit does not modify this property.
403f127d
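
A check that an exported key carries no revoked or expired subkeys and still has at least one usable signing subkey, as an added example that is not part of this commit or of the project's release process. It reads `gpg --with-colons` listing output on stdin; the function names, the file name in the usage comment and the abbreviated sample listings are constructed for illustration.

```shell
#!/bin/sh
# Usage (file name is an assumption):
#   gpg --show-keys --with-colons exported-signing-key.asc | audit_subkeys
# Colon listing fields used here: 1 = record type, 2 = validity
# ("r" revoked, "e" expired), 5 = key ID, 12 = capabilities ("s" = sign).
audit_subkeys() {
    awk -F: '
        $1 == "sub" {
            if ($2 == "r")      { print "revoked " $5; bad = 1 }
            else if ($2 == "e") { print "expired " $5; bad = 1 }
            else if ($12 ~ /s/) { print "signing " $5; signing++ }
            else                { print "other " $5 }
        }
        # Fail if a dead subkey is present or no signing subkey is left.
        END { exit ((bad || signing == 0) ? 1 : 0) }
    '
}

# Constructed sample: export that still includes a revoked and an expired subkey.
sample_unfiltered() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAA0000:1420070400:::-:::cC:
sub:r:4096:1:AAAAAAAAAAAA0001:1420070400:1451606400:::::s:
sub:e:4096:1:AAAAAAAAAAAA0002:1451606400:1483228800:::::s:
sub:-:4096:1:AAAAAAAAAAAA0003:1577836800:1893456000:::::s:
EOF
}

# Constructed sample: export holding only the current signing subkey.
sample_filtered() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAA0000:1420070400:::-:::cC:
sub:-:4096:1:AAAAAAAAAAAA0003:1577836800:1893456000:::::s:
EOF
}

# Constructed sample: every signing subkey was dropped by mistake.
sample_no_signing() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAA0000:1420070400:::-:::cC:
sub:-:4096:1:AAAAAAAAAAAA0004:1577836800:1893456000:::::e:
EOF
}

sample_unfiltered | audit_subkeys || echo "FAIL: export is not minimal"
sample_filtered | audit_subkeys && echo "OK: only valid signing subkeys"
```

The third sample covers the opposite mistake: a filter that is too aggressive leaves clients with no subkey able to verify anything, so the check fails in that case as well.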