Create a Inexor signing key

[Fohlen]

For the future of the project it will become more important that we have a signed Inexor key that we can trust on for certain actions. Those include

• signing commits
• signing releases and binaries
• signing media packages, plugins and server list commits
• revoking all of the above
• sharing service level information among the organization
  • social media accounts
  • access to inexor hosting environment (e.g, encrypting SSH keys)

My suggestion to the procedure is:

• at the next Inexor Hackathon, each @inexor-game/founders member will bring their own GPG key
• each member will cross-sign each member's key
• we will create a new Inexor GPG key, that will be signed by all @inexor-game/founders
• the revocation key will be encrypted and shared among the @inexor-game/founders team
• the inexor private key will be shared among @inexor-game/founders
• additional key signs can be done by other Inexor org members (optional)
• the key will be made available at
  • our code (core trust)
  • our website (additional trust)
  • the PGP signing server (in case both of the above fail)

This will ensure the following:

• each @inexor-game/founders member has equal access to the organisation
• for very critical decisions, each @inexor-game/founders member could use his revocation power as a veto (this should not happen ever, but it is a very good emergency plan, in case there are decisions that can not be supported by a member)
• we have a nice way to sign everything we do, and ensure it is really intended by the organisation

[a-teammate]

I do not fully get yet why exactly we would need this signing. Imo it just adds power hierarchy, without need.

signing commits

When do we want to do that? In core everything goes through PRs

signing releases and binaries

releasing and tagging is done in the CI. Whom do you distrust if you trust Travis?

signing media packages, plugins and server list commits

Why? That's actually the same point as above (signing commits) Why not depend on GitHub user groups? Verification of "this is really a signed commit to inexorgame/inexor-core" just adds additional maintaining burdens. While giving no benefit (you know the address, you connect via https. If your PC or your router isn't hacked you are safe. And if not you're screwed anyways).

If it's actually about

revoking all of the above

I'm against it. No power hierarchies.

sharing service level information among the organization social media accounts access to inexor hosting environment (e.g, encrypting SSH keys)

Could be done in smaller style in an encrypted riot channel. We are not that huge. A real password management is needed for big companies, beyond our size.