evaluate possible options for OpenPGP keyring maintenance
Many tickets here are about maintaining the various keyrings required for daily operations at Tor. A few examples include new keys, expiration updates and so on: #27748 (moved) , #27748 (moved), #27726 (moved), #27600 (moved), #28891 (moved), #28150 (moved), #28138 (moved), #29455 (moved)... but there are literally hundreds of such tickets.
Those keys currently get stored in LDAP and require a TPA to make changes, that is in
ssh://alberti.torproject.org/srv/db.torproject.org/keyrings/keyring.git. The TPA password manager also has its own keyring subset, see #29677 (moved).
All of this makes key maintenance and discovery difficult. Investigate possible alternatives, including Debian packages (like the one used by debian-archive-keyring), a private keyserver, gpgsync, monkeysphere, or a flock of unicorn. ;)