
On Wed, Jan 08, 2014 at 08:59:48PM +0100, Johan Engelen wrote:
On 23-12-2013 15:25, Ted Gould wrote:
On Fri, 2013-12-20 at 19:32 -0800, Bryce Harrington wrote:
On Tue, Dec 03, 2013 at 01:56:56PM -0500, Martin Owens wrote:
Dear Inkscape Board,
See attached for Kickstarter keys, feel free to update email address, delete account, or just save the account for some future event.
Thanks. I think we need to standardize the process for how to hold and share keys and other authentication information. But I don't know how to best handle this. I've asked Kees Cook for advice on best practices. If anyone else knows how other projects do this, do share.
One solution would be to use something like Lastpass. Their Enterprise version supports these types of use cases. It seems a bit expensive for us, but they have been OSS friendly in the past.
I was about to propose Lastpass. I use Lastpass and it's been great so far. But I don't know how it works with multiple persons.
Looks like there is an Enterprise version, which costs $24 per person. So, like $200/yr for ~8 accounts. There's a trial option for free, but don't know how long that runs.
I don't know how other projects solve this problem. To me it sounds like a good topic for asking the Conservancy.
Poking around, looks like a common approach is to stick a gpg encrypted file into a git repository, using each person's gpg key when signing it. That way everyone has their own private password for accessing the data, and adding or removing a person just involves re-encrypting it and adding or dropping them from the signatures list.
Simple explanation: http://blog.bogosity.se/2011/01/12/managing-passwords-using-gnupg-git-and-em...
More detailed: https://enter2exit.wordpress.com/2011/03/01/managing-passwords-with-vimgpggi...
The Debian project uses a variation on this, which uses 'subkeys': https://wiki.debian.org/subkeys
I experimented with this (via the first link) and it looks straightforward enough, at least once you have your gpg key set up. We'd just need to do a key exchange with each other to start.
Bryce
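
The approach described in the message above (one gpg-encrypted file kept in git, encrypted to every key holder, re-encrypted when someone is added or dropped), as an added example that is not part of the original thread or of either linked write-up. The file names `recipients.txt` and `secrets.txt.gpg`, the one-fingerprint-per-line format, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout: recipients.txt lists one OpenPGP fingerprint
# per line ('#' comments allowed); secrets.txt.gpg is the file committed to git.
RECIPIENTS_FILE=${RECIPIENTS_FILE:-recipients.txt}
SECRETS_FILE=${SECRETS_FILE:-secrets.txt.gpg}

# Print "--recipient FPR ..." for every key listed in file $1.
# Only 40-hex-digit fingerprints are accepted, so a stray line can never be
# passed to gpg as an option, and short key IDs (which can collide) are refused.
recipient_args() {
    args=
    while IFS= read -r line || [ -n "$line" ]; do
        fpr=$(printf '%s' "$line" | sed -e 's/#.*//' -e 's/[[:space:]]//g')
        [ -z "$fpr" ] && continue
        if ! printf '%s\n' "$fpr" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
            echo "not a 40-hex fingerprint: $fpr" >&2
            return 1
        fi
        args="$args --recipient $fpr"
    done < "$1"
    [ -n "$args" ] || { echo "no recipients in $1" >&2; return 1; }
    printf '%s\n' "${args# }"
}

# Encrypt plaintext file $1 to everyone on the list. gpg refuses keys it does
# not consider valid, which is why the key exchange has to happen first.
encrypt_secrets() {
    args=$(recipient_args "$RECIPIENTS_FILE") || return 1
    # $args is split into words on purpose; every fingerprint was validated.
    gpg --batch --yes --armor --output "$SECRETS_FILE" $args --encrypt "$1"
}

# After editing recipients.txt: decrypt with your own key and re-encrypt to
# the new list. The old file is replaced only if both steps succeed.
rekey_secrets() {
    args=$(recipient_args "$RECIPIENTS_FILE") || return 1
    plain=$(gpg --quiet --decrypt "$SECRETS_FILE") || return 1
    tmp=$(mktemp "$SECRETS_FILE.XXXXXX") || return 1
    if printf '%s\n' "$plain" |
        gpg --batch --yes --armor --output "$tmp" $args --encrypt; then
        mv "$tmp" "$SECRETS_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Re-encrypting only protects future revisions: a dropped person can still decrypt the copies already in git history, so the stored passwords themselves should be changed when someone is removed.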