Scripts used for the keyring analysis

This page is meant as a companion to the articles and presentations we have done on the topic of keyring trust model and analysis, so far always based on the Debian project's keyring.

The scripts are quick and dirty, and as it often happens, we were tempted to just use their results and forget about them. But we were prompted to be coherent and honor Open Science's postulates.

Data sources
We have worked from publicly available data — Our input is the Debian keyring's public Git repository.
Evolution in numbers
To understand how the repositories grew and how mny keys of each type we had over time, we used this set of Ruby scripts.
This set of scripts also generates the Graphviz files that graph the keyrings' signatures akin to a social network.
Representing the keyring in a RDBMS
This set of scripts runs from the Git repository, analyzing the status of each defined keyring directory, and represents it in a PostgreSQL database
Statistical analysis
Survival analysis is done by a set of programs in R. They work over this post-processed output of the Git data.
Measuring key signing parties
We also measured the size and effects of key signing parties (KSPs). The output for these scripts is a set of Gnuplot-generated graphs.
The keyring at each KSP
We use this script to generate person-centered graphs for each DebConf key signing party. Said graphs are published at DC16, DC17,
How do keys walk between keyrings?
Keys enter our worldview, and can migrate between the different defined keyrings. How is their movement over time? We have not yet used this set of scripts in any publication, so I'm linking here some of the images. As this works off the Git repository, it does not measure time in months, but in tags; there is roughly one tag per month, except for special cases.