hi,
Fallback directory mirrors [1] seem to be selected (if the need should arise, according to release planning and whatnot) with criteria "uptime", among others. And it's only this criteria I'm thinking about here:
Now, in the wiki we have advice on how to improve relay security, and among many, there is advice to wipe the master key / identity every 1-2 years [2].
Fallback directory mirrors are *selected* based on uptime, and *expected* to stay up, of course, for about at least 2 years. This somehow encourages to keep your identity forever.
That's a contradiction and it might end up in *not* selecting relays, whos operators care a lot about security.
thanks
martin
[1] https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors [2] https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:D...