On Thu, 10 Jan 2019 at 10:44, Stephen Connolly <
stephen.alan.conno...@gmail.com> wrote:

> On Thu, 10 Jan 2019 at 10:31, Dominik Psenner <dpsen...@gmail.com> wrote:
>
>> On 2019-01-10 11:24, Alex Harui wrote:
>> > Stephen are you saying that we can't trust ASF Members?  That we have
>> to fear that at least one ASF member will not be able to resist the urge to
>> leverage the RoyalePMC account for evil?
>> > I'm sure we can find some other way to distribute credentials if that's
>> true, but I would think there are juicier targets for a rogue ASF member,
>> like leveraging Jenkins.
>>
>> -1, credentials are confidential. Credentials may be committed to a
>> repository to prevent accidental deletion, but shall be gpg encrypted to
>> the recipients who are allowed to read them. This implies that a bot is
>> never going to be able to decrypt those credentials.
>>
>>
> Thanks for that. I had forgotten that one could GPG encrypt the
> credentials that would be committed to /private/... so at least that would
> mean that only the intended recipients would be able to decrypt them which
> would limit the secrets to the Royale PMC.
>

That would mean, though, that the PMC would need to re-encrypt the file
every time the PMC changes or any time a PMC member loses their GPG key.

Note to self: e.g. see
http://laurent.bachelier.name/2013/03/gpg-encryption-to-multiple-recipients/
for example of how to encrypt a file for multiple recipients.
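The two steps discussed above (encrypting one file to several GPG recipients, and re-encrypting it for a new recipient set when the PMC changes or a member's key is lost) worked through as an added shell example. This is not code from the thread, the Royale PMC or the ASF; the two recipients (alice@example.org, bob@example.org), the sample credentials and the temporary GNUPGHOME are all constructed for the demo, and it assumes GnuPG 2.x (the --pinentry-mode flag) is on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): keep a credentials file GPG-encrypted
# to a set of recipients, and re-encrypt it when that set changes.
# Constructed for the demo: two throwaway, passphrase-less keys stand in for
# two PMC members, and a temporary GNUPGHOME keeps it off the real keyring.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to demo" >&2; exit 0; }

WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/gnupghome"
mkdir -m 700 "$GNUPGHOME"

# Throwaway key for one test recipient (demo only: real PMC keys are
# passphrase-protected and their fingerprints verified before use).
gen_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$1" default default never
}

# Long key ID of the encryption subkey belonging to a user ID.
enc_subkey_id() {
    gpg --batch --with-colons --list-keys "$1" | awk -F: '$1 == "sub" { print $5; exit }'
}

# encrypt_to OUT RECIPIENT...  : encrypt stdin to every recipient named.
# One -r per recipient gives each of them their own session-key packet, so
# any single recipient can decrypt. --trust-model always is only because the
# demo keys are unsigned; do not carry that into a real setup.
encrypt_to() {
    out="$1"; shift
    args=""
    for r in "$@"; do args="$args -r $r"; done
    # shellcheck disable=SC2086  # deliberate word splitting of $args
    gpg --batch --quiet --yes --trust-model always $args --output "$out" --encrypt
}

# reencrypt FILE RECIPIENT...  : the step needed every time the PMC changes
# or a member's key is replaced. Decrypt with a current key, encrypt to the
# new set, swap the file atomically.
reencrypt() {
    f="$1"; shift
    gpg --batch --quiet --decrypt "$f" | encrypt_to "$f.new" "$@"
    mv "$f.new" "$f"
}

# Recipient key IDs recorded in the ciphertext, one per line. This needs no
# secret key: the pubkey-enc packets are part of the OpenPGP message itself.
recipient_keyids() {
    gpg --batch --list-packets "$1" 2>&1 | awk '/pubkey enc packet/ { print $NF }'
}

# has_keyid LIST KEYID : true if KEYID appears as a line in LIST.
has_keyid() { printf '%s\n' "$1" | grep -qx "$2"; }

gen_key alice@example.org
gen_key bob@example.org
ALICE_SUB="$(enc_subkey_id alice@example.org)"
BOB_SUB="$(enc_subkey_id bob@example.org)"

# Constructed sample secret; in the thread's case this would be the account's credentials.
printf 'user=royale-bot\npassword=hunter2\n' \
    | encrypt_to "$WORK/creds.gpg" alice@example.org bob@example.org

RECIPIENTS_BEFORE="$(recipient_keyids "$WORK/creds.gpg")"
ROUNDTRIP="$(gpg --batch --quiet --decrypt "$WORK/creds.gpg" | head -n 1)"

# Bob leaves the PMC: re-encrypt for the remaining members only.
reencrypt "$WORK/creds.gpg" alice@example.org
RECIPIENTS_AFTER="$(recipient_keyids "$WORK/creds.gpg")"

printf 'recipients before:\n%s\nrecipients after:\n%s\n' "$RECIPIENTS_BEFORE" "$RECIPIENTS_AFTER"

gpgconf --kill gpg-agent 2>/dev/null || true
rm -rf "$WORK"
```

Two caveats a practitioner would add. Re-encrypting only protects the new file: any earlier copy of creds.gpg still in the repository history stays decryptable by the departed member's key, so the credential itself has to be rotated as well. And the recipient list is readable from the ciphertext without any key (recipient_keyids above), which is convenient for auditing who can decrypt but also tells anyone with the file whose key to go after.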
