Comment 2 for bug 1250370

I've targeted simplestreams because I just stepped through the code in the debugger and identified the exact part of the code that rewrites the file.

In simplestreams.util.read_signed(), which gets called to verify the signature of the json index file, it invokes a subprocess:

['gpg', '--batch', '--verify', u'--keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg', '-']

which after it returns, the pubring has been rewritten.