InfluxData uses package signing keys to sign build artifacts (detached
signatures, RPM-signing) as well as Linux distribution package archives (APT
and YUM archives). To facilitate key maintenance, InfluxData uses a single
'root signing key' that is composed of:

* A primary key pair
* An arbitrary number of subkey signing keys

At a high-level, the primary key pair is used to create subkeys and subkeys
are used to sign build artifacts. In the event of key rotation, the primary
keypair is used to generate a new signing subkey. In the event of key
revocation, the primary keypair is used to revoke a specific subkey.

The primary keypair therefore has good security properties. The primary key
(and therefore its subkey public keys) is uploaded to keyservers and updated
as necessary, thus establishing and maintaining reputation of the key since
the primary key remains the same. Specifically, rotation consists of adding
a new subkey. Revocation consists of revoking a subkey and (typically)
creating a new subkey. These new/updated subkeys are then uploaded to
keyservers and merged.

An additional compatibility public key file that contains only the subkey
public key is provided in order to support APT releases prior to 1.4, and
RPM releases prior to 1.12.90.
