# ECP-0060: Repository Sanitization and Authorship Baseline

Status: Draft

## Goal

Establish a privacy-safe public repository baseline:

- remove accidental personal identifiers from the tree,
- standardize commit authorship as `every.channel `,
- require SSH-signed commits and provide a verifiable allowed-signers file.

## Non-Goals

- This does not attempt to preserve detailed early commit history.
- This does not define identity beyond commit signatures.

## Proposal

1. Sanitize the working tree:
   - replace private LAN IP literals in tests with documentation IPs (RFC 5737),
   - avoid location-specific examples in ECPs/docs.
2. Configure SSH commit signing:
   - `gpg.format = ssh`
   - `commit.gpgsign = true`
   - `gpg.ssh.allowedSignersFile = docs/allowed_signers`
3. Rewrite history to a clean baseline:
   - publish a new `main` history consisting of a small number of signed commits
   - no private keys or tokens committed

## Rationale

This project is explicitly designed to be resilient and decentralized. That starts with a repository that does not leak personal identifiers and has a single, verifiable contributor identity.

## Rollout / Reversibility

- Tree sanitization is additive and low-risk.
- History rewrite is disruptive but acceptable early; after the baseline, avoid rewrites.
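
Added example (not part of this ECP or the project's code): a Python sketch of Proposal step 1 that reports private IPv4 literals and rewrites each distinct one to a stable RFC 5737 documentation address. Treating "private LAN" as the RFC 1918 ranges, the function names, and the sample input are assumptions.

```python
import ipaddress
import re

# Assumption: "private LAN" means the RFC 1918 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 5737 documentation ranges used as replacements.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# Dotted quad not embedded in a longer dotted/numeric run (e.g. "1.2.3.4.5").
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def is_private_lan(literal):
    try:
        addr = ipaddress.IPv4Address(literal)
    except ValueError:  # not a valid address, e.g. "999.1.1.1"
        return False
    return any(addr in net for net in PRIVATE_NETS)

def findings(source):
    """(line number, literal) for every private literal; usable as a CI gate."""
    return [(no, m.group(1))
            for no, line in enumerate(source.splitlines(), 1)
            for m in IPV4_RE.finditer(line) if is_private_lan(m.group(1))]

def doc_address(index):
    """index-th usable host across the three /24 documentation ranges."""
    net_idx, host = divmod(index, 254)
    if net_idx >= len(DOC_NETS):
        raise ValueError("more distinct private literals than RFC 5737 hosts")
    return str(DOC_NETS[net_idx].network_address + host + 1)

def sanitize(source):
    """Replace private literals; one input address always maps to the same
    output, so tests that compare addresses keep their meaning."""
    mapping = {}
    def repl(m):
        lit = m.group(1)
        if not is_private_lan(lit):
            return lit
        if lit not in mapping:
            mapping[lit] = doc_address(len(mapping))
        return mapping[lit]
    return IPV4_RE.sub(repl, source), mapping

# Constructed sample input, not taken from the repository.
SAMPLE = '''let peer = "192.168.1.23:4433";
let relay = "10.0.0.5:4433";
assert_ne!(peer, "192.168.1.23:9000");
let public = "203.0.113.9:443";
let version = "1.2.3.4.5";
'''
```

Running `findings` over the sanitized output should return an empty list, which makes it suitable as a pre-publish check before the history rewrite in step 3.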