developer keyring verification

* gpg keyrings in /usr/share/debug-me/ will be checked
  to see if a connecting person is a known developer of software
  installed on the system, and so implicitly trusted already.
  Software packages/projects can install keyrings to that location.
  (Thanks to Sean Whitton for the idea.)
* make install will install /usr/share/debug-me/debug-me_developer.gpg,
  which contains the key of Joey Hess. (stack and cabal installs don't
  include this file because they typically don't install system-wide)
* debug-me.cabal: Added dependency on time.

This commit was sponsored by Francois Marier on Patreon.

2 files changed, 12 insertions, 0 deletions

diff --git a/doc/todo/use_distribution_keyrings.mdwn b/doc/todo/use_distribution_keyrings.mdwn
index df21588..be4492e 100644
--- a/doc/todo/use_distribution_keyrings.mdwn
+++ b/doc/todo/use_distribution_keyrings.mdwn
@@ -5,3 +5,6 @@ Example output: `Sean Whitton is an official Debian Developer (information accur
 Distribution packagers of debug-me could add the keyrings to be checked in this way to a configuration file, or possibly just hardcode them somewhere in debug-me's source.
 
 --spwhitton
+
+> [[done]]; you'll need to include the symlinks to the debian keyring
+> in the keysafe.deb. --[[Joey]]
diff --git a/doc/todo/use_distribution_keyrings/comment_2_43e012511d2fc39d78789541482928b7._comment b/doc/todo/use_distribution_keyrings/comment_2_43e012511d2fc39d78789541482928b7._comment
new file mode 100644
index 0000000..8145e47
--- /dev/null
+++ b/doc/todo/use_distribution_keyrings/comment_2_43e012511d2fc39d78789541482928b7._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2017-05-20T21:10:36Z"
+ content="""
+Simplified that sligtly. The keyring filename can describe the
+relationship, eg "a_Debian_developer.gpg". The mtime of the keyring will be
+displayed so the user knows how up-to-date it is.
+"""]]