[csw-maintainers] [policy] GPG Signing Key handling

Ben Walton bwalton at opencsw.org
Wed Feb 9 02:44:28 CET 2011 

Hi All,

The board has been in discussion with Phil about holding the GPG
signing key in its possession and has reached a bit of an impasse.
We've discussed a few different configurations of which positions on
the board should hold the key but have not come to an agreement.

As has been pointed out several times in the conversation, this is an
important issue and will impact the project well into the future.
It's important that we make a good choice now.  To that end, the board
has decided that a vote shall be held to ascertain what the members of
the project feel is the best way to proceed.

The vote will allow you to individually decide whether each of the
three board positions (not people, as the people will change) should
hold the key.  Each position that receives 50% support will be
responsible for securely holding a copy of the key.  It will then pass
from person to person as new boards come and go.

It will be possible for you, as a group, to decide that no member of
the board should hold the key.  This would happen when no position
receives 50% support.  This is an equally valid potential result.

I'm avoiding presenting either the Phil's position or that of the
board here as I'm hoping that any discussion around this is sparked
from your own initial reactions.  That's not to say that these are
secret by any means either, just that I don't want to frame the
discussion starting from either point of view.

The vote will be open to all members and will run for 7 days.

Please review the language below and present any clarifications you'd
like for public discussion.  The vote will be initiated once
discussion seems to be abating.

The planned phrasing of the ballot is:

The GPG signing key is an important asset for OpenCSW.  As a member of
OpenCSW, you are asked to make three yes or no selections, one per
board position, to indicate which, if any, of the board positions you
feel should hold a copy of the key.  Selecting yes for a position
indicates that you feel this position (and consequently the person
holding this position from year to year) should be responsible for
holding a copy of the key.  Selecting no indicates that you do not
want this position to hold the key.

Question 1: Should the Secretary position hold the key?  yes/no
Question 2: Should the Treasurer position hold the key?  yes/no
Question 3: Should the President position hold the key?  yes/no

Thanks
-Ben
--
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302

More information about the maintainers mailing list