dirauth key pinning can be bypassed sometimes?
It looks like sometimes key pinning can be bypassed. One example is in #27800 (moved), where it seems that an ed25519 key got shared between two relays (Or maybe that's two iterations of the same relay, where the operator rolled the RSA key but not the ed25519 key.)
Fixing this the "right" way might involve keeping multiple versions of a relay descriptor around, with metadata about which vote or consensus it goes with.