Hello,

We would like to update the release process so that there isn't a single private key to sign releases (and thus a potential bottleneck or a "share access to a private-key, somehow" problem).

What we have converged upon so far is "just have multiple signatures and a document describing who is expected to produce those". I have made an attempt to write words to this effect:

https://github.com/tahoe-lafs/tahoe-lafs/pull/943

Further feedback welcomed (here, or on the above PR). If the examples instead used the sequoia-pgp tool "sqv" then we could add the "--signatures 2" option.

-- 
meejah
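
The "multiple signatures plus a list of expected signers" check described in the message above, as an added example that is not part of the original message and is not Tahoe-LAFS code. It assumes the verifier has GnuPG status output (from `gpg --status-fd 1 --verify`); the fingerprints, the signer list and the function names are constructed for illustration.

```python
# Added example: k-of-n release check over GnuPG status output.
# Assumption: status_text comes from `gpg --status-fd 1 --verify <sig> <file>`.
# All fingerprints below are constructed placeholders, not real keys.

ALICE, BOB, MALLORY = "A" * 40, "B" * 40, "C" * 40
ALICE_SUBKEY = "D" * 40
EXPECTED_SIGNERS = {ALICE, BOB}  # hypothetical "who is expected to sign" list


def valid_signers(status_text):
    """Return the primary-key fingerprints that produced a VALIDSIG line."""
    signers = set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[:2] != ["[GNUPG:]", "VALIDSIG"]:
            continue  # only VALIDSIG is counted; BADSIG/ERRSIG are ignored
        fields = parts[2:]
        # Field 10 is the primary key fingerprint; it differs from field 1
        # when a signing subkey was used. Fall back to field 1 if absent.
        primary = fields[9] if len(fields) >= 10 else fields[0]
        signers.add(primary.upper())
    return signers


def release_ok(status_text, expected=EXPECTED_SIGNERS, threshold=2):
    """True only if `threshold` distinct expected signers signed validly."""
    return len(valid_signers(status_text) & set(expected)) >= threshold


def _validsig(signing_fpr, primary_fpr):
    # Constructed status line following the VALIDSIG field order.
    return ("[GNUPG:] VALIDSIG %s 2021-01-04 1609770000 0 4 0 22 10 00 %s"
            % (signing_fpr, primary_fpr))


TWO_SIGNERS = "\n".join([_validsig(ALICE_SUBKEY, ALICE), _validsig(BOB, BOB)])
SAME_SIGNER_TWICE = "\n".join([_validsig(ALICE, ALICE),
                               _validsig(ALICE_SUBKEY, ALICE)])
ONE_PLUS_STRANGER = "\n".join([_validsig(ALICE, ALICE),
                               _validsig(MALLORY, MALLORY),
                               "[GNUPG:] BADSIG BBBBBBBBBBBBBBBB bob"])

if __name__ == "__main__":
    for name in ("TWO_SIGNERS", "SAME_SIGNER_TWICE", "ONE_PLUS_STRANGER"):
        print(name, release_ok(globals()[name]))
```

Counting distinct primary keys rather than signatures is the point: two signatures from one maintainer, or a valid signature from a key outside the expected list, do not satisfy the threshold.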
