root-signing icon indicating copy to clipboard operation
root-signing copied to clipboard
verified publisher icon sigstore

Evaluating term limits for root key holders

Open asraa opened this issue 2 years ago • 1 comments

Description

We currently have 5 stable root keyholders. Do we want to either (1) Create a tool that files an issue that alerts on some time limit? (2) Create a dashboard like tool for the term keyholders? (3) Do it ad-hoc.

This may also be relevant for evaluating term limits on other signing keys, e.g. if we support delegations.

asraa avatar Jan 19 '23 18:01 asraa

My two cents are we have good diversity of root keyholders in terms of company/academic affiliations. I'd say having a yearly reminder to ask all root keyholders if they are still interested would be reasonable. Additionally if anyone from the community asks to be a keyholder, maybe then we remove the oldest keyholder?

Hayden-IO avatar Jan 19 '23 18:01 Hayden-IO