evaluate possible options for OpenPGP keyring maintenance
Many tickets here are about maintaining the various keyrings required for daily operations at Tor. A few examples include new keys, expiration updates and so on: #27748 (closed) , #27748 (closed), #27726 (closed), #27600 (closed), #28891 (closed), #28150 (closed), #28138 (closed), #29455 (closed)... but there are literally hundreds of such tickets.
Those keys currently get stored in LDAP and require a TPA to make changes, that is in
ssh://alberti.torproject.org/srv/db.torproject.org/keyrings/keyring.git. The TPA password manager also has its own keyring subset, see #29677.
All of this makes key maintenance and discovery difficult. Investigate possible alternatives, including Debian packages (like the one used by debian-archive-keyring), a private keyserver, gpgsync, monkeysphere, openpgp-ca, or a flock of unicorn. ;)