Open Fohlen opened 7 years ago
I do not fully get yet why exactly we would need this signing. IMO it just adds a power hierarchy, without need.

> signing commits

When do we want to do that? In core everything goes through PRs.

> signing releases and binaries

Releasing and tagging is done in the CI. Whom do you distrust if you trust Travis?

> signing media packages, plugins and server list commits

Why? That's actually the same point as above (signing commits). Why not depend on GitHub user groups? Verification of "this is really a signed commit to inexorgame/inexor-core" just adds additional maintaining burdens, while giving no benefit (you know the address, you connect via https. If your PC or your router isn't hacked you are safe. And if not, you're screwed anyway).

If it's actually about

> revoking all of the above

I'm against it. No power hierarchies.

> sharing service level information among the organization
> social media accounts
> access to inexor hosting environment (e.g. encrypting SSH keys)

Could be done in smaller style in an encrypted Riot channel. We are not that huge. A real password management is needed for big companies, beyond our size.
For the future of the project it will become more important that we have a signed Inexor key that we can rely on for certain actions. Those include:

My suggestion for the procedure is:

This will ensure the following: