Maintainer notes
================

Adding a new team member key
----------------------------

make keyrings/team-members.gpg
gpg --no-default-keyring --keyring keyrings/team-members.gpg \
  --no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/team-members.gpg~ keyrings/team-members.gpg \
  "add adsb (ID: C5CE5DC2C542CD59)"
jetring-accept team-members/ add-C5CE5DC2C542CD59 

Adding a new archive key
------------------------

make keyrings/debian-archive-keyring.gpg
gpg --no-default-keyring --keyring keyrings/debian-archive-keyring.gpg \
  --no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/debian-archive-keyring.gpg~ \
  keyrings/debian-archive-keyring.gpg \
  "add jessie automatic key (security)"
mv add-9D6D8F6BC857C906 add-jessie-security-automatic
jetring-accept active-keys/ add-jessie-security-automatic

Note that the filenames used for the changeset filenames must never be
subsets of another changeset filename, or the keyring build will
over-eagerly remove them and then fail.

Removing an archive key
-----------------------

[There should be a better way of doing this]

Copy the corresponding entry from active-keys/index to removed-keys/index
Move active-keys/add-$foo to removed-keys/
gpg --detach-sign --output removed-keys/index.gpg --armor --sign \
  removed-keys/index
Remove the relevant entry from active-keys/index
gpg --detach-sign --output active-keys/index.gpg --armor --sign \
  active-keys/index

Confirm that the result was as expected by:

make clean
make keyrings/debian-archive-keyring.gpg
make keyrings/debian-archive-removed-keys.gpg

and checking the contents of each keyring

Add an entry to debian/debian-archive-keyring.maintscript:

rm_conffile /etc/apt/trusted.gpg.d/debian-archive-${foo}.gpg ${version}~~

Pre-build
---------

gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg

If any keys were removed:
gpg --armor --detach-sign keyrings/debian-archive-removed-keys.gpg