
Policies and protocols for dealing with private keys

Open edsko opened this issue 10 years ago • 2 comments

This should document things such as

  • Bootstrapping
  • Key thresholds
  • How many keys we have of each type
  • Key validity (expiry time)
  • Implications for key compromise
  • Who holds keys, and how should they store them.

edsko avatar Jun 26 '15 16:06 edsko

One issue that this should address is the policies surrounding the request sent to the root key holders to sign a new root.json. This cannot be an automatic response from the root key holders to an email by Duncan, say, because then effectively Duncan's email GPG key would become the (single) root of trust. Such policies would be social policies, primarily.

edsko avatar Sep 28 '15 13:09 edsko

This has been decided by the Haskell committee but needs to be documented.

edsko avatar Dec 18 '15 15:12 edsko