Currently I'm hosting our private key under a very obscure URL, the key is then downloaded using Dependable.
When the repository becomes public, I will have to delete the hosted copy of the key and remove the entry from dependable - we can't be making our key public and certainly shouldn't do anything to encourage that different parties use the same private key.
We need to document the process of generating a new key and using it.
It'll be a nice thing to say we considered in the report too.
Currently I'm hosting our private key under a very obscure URL, the key is then downloaded using Dependable. When the repository becomes public, I will have to delete the hosted copy of the key and remove the entry from dependable - we can't be making our key public and certainly shouldn't do anything to encourage that different parties use the same private key.
We need to document the process of generating a new key and using it. It'll be a nice thing to say we considered in the report too.