every.channel: sanitized baseline

2026-02-15 16:17:27 -05:00 · 2026-02-15 16:17:27 -05:00 · 897e556bea
commit 897e556bea
258 changed files with 74298 additions and 0 deletions
--- a/evolution/proposals/ECP-0060-repo-sanitization-and-authorship.md
+++ b/evolution/proposals/ECP-0060-repo-sanitization-and-authorship.md
@ -0,0 +1,40 @@
+# ECP-0060: Repository Sanitization and Authorship Baseline
+
+Status: Draft
+
+## Goal
+
+Establish a privacy-safe public repository baseline:
+
+- remove accidental personal identifiers from the tree,
+- standardize commit authorship as `every.channel <founder@every.channel>`,
+- require SSH-signed commits and provide a verifiable allowed-signers file.
+
+## Non-Goals
+
+- This does not attempt to preserve detailed early commit history.
+- This does not define identity beyond commit signatures.
+
+## Proposal
+
+1. Sanitize the working tree:
+   - replace private LAN IP literals in tests with documentation IPs (RFC 5737),
+   - avoid location-specific examples in ECPs/docs.
+2. Configure SSH commit signing:
+   - `gpg.format = ssh`
+   - `commit.gpgsign = true`
+   - `gpg.ssh.allowedSignersFile = docs/allowed_signers`
+3. Rewrite history to a clean baseline:
+   - publish a new `main` history consisting of a small number of signed commits
+   - no private keys or tokens committed
+
+## Rationale
+
+This project is explicitly designed to be resilient and decentralized. That starts with a repository
+that does not leak personal identifiers and has a single, verifiable contributor identity.
+
+## Rollout / Reversibility
+
+- Tree sanitization is additive and low-risk.
+- History rewrite is disruptive but acceptable early; after the baseline, avoid rewrites.
+