every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2
every.channel/evolution/proposals/ECP-0060-repo-sanitization-and-authorship.md
every.channel 897e556bea
every.channel: sanitized baseline
2026-02-15 16:17:27 -05:00

1.3 KiB
Raw Blame History

ECP-0060: Repository Sanitization and Authorship Baseline

Status: Draft

Goal

Establish a privacy-safe public repository baseline:

  • remove accidental personal identifiers from the tree,
  • standardize commit authorship as every.channel <founder@every.channel>,
  • require SSH-signed commits and provide a verifiable allowed-signers file.

Non-Goals

  • This does not attempt to preserve detailed early commit history.
  • This does not define identity beyond commit signatures.

Proposal

  1. Sanitize the working tree:
    • replace private LAN IP literals in tests with documentation IPs (RFC 5737),
    • avoid location-specific examples in ECPs/docs.
  2. Configure SSH commit signing:
    • gpg.format = ssh
    • commit.gpgsign = true
    • gpg.ssh.allowedSignersFile = docs/allowed_signers
  3. Rewrite history to a clean baseline:
    • publish a new main history consisting of a small number of signed commits
    • no private keys or tokens committed

Rationale

This project is explicitly designed to be resilient and decentralized. That starts with a repository that does not leak personal identifiers and has a single, verifiable contributor identity.

Rollout / Reversibility

  • Tree sanitization is additive and low-risk.
  • History rewrite is disruptive but acceptable early; after the baseline, avoid rewrites.