Until now we were using Keybase for sharing credentials and keeping a registry of the members with access to each platform. With platforms like JAM we don’t need to share credentials anymore we can just share access. And credentials could be changed every month without affecting the workflow.
We could use JAM until more decentralized technologies such as https://www.nucypher.com/ are available.
Doing a change like this brings up a lot of questions. For example decisions like this centralizes our process and that’s why I think it’s worth opening this thread, to get pros and cons of this action and get a decision as a whole.
Increasing the security in case of future conflicts “The problem of decentralizing states is defence, and the problem of decentralizing daos is password management :-D”
Access can be revoked when members are not contributing on a task anymore
Every reset (we could define a period of time) restricts access to inactive contributors and/or to people with previous access who have broken the code of conduct.
Centralize power and the consequences of that.
Add bureaucratic steps
Sharing access isn’t much different from sharing credentials, people with it can do the same except sharing access with third parties.
We should also discuss how we wanna approach it also on our platforms such as GitHub or Discord. In my opinion we are doing a great job. We have different projects with different members with powers, for example we have Gitbook admin powers on 1 account. Then we have Github where there are many contributors but at the same time the contracts are on another repo where there are not many contributors.
But we can also see it the other way, for example on discord there are a lot of admins, is it necessary? Would it be ok with the moderator and 1 backup? What are the pros and cons?
Another goal with this post is to brainstorm the process to share credentials? Is it needed or would it be bureaucratic?
For example we could add a Typeform with questions like asking for handle, which platform do the contributor need access to and what it’s the job going to be done on that platform (to decide what kind of access we should give) And the results of the typeform could be share on the stewards chat with a poll and if no one is against on 24hrs we give the access corresponding to that Typeform. This process would have a delay of 48h more or less.
The idea it’s come up with the best process possible regarding security and efficiency. This one above might be super bureaucratic.