Until now we were using Keybase for sharing credentials and keeping a registry of the members with access to each platform. With platforms like Dashlane we don’t need to share credentials anymore we can just share access. And credentials could be changed every month without affecting the workflow.
We could use Dashlane until more decentralized technologies such as https://www.nucypher.com/ or Fidelius are available.
Doing a change like this brings up a lot of questions. For example, decisions like this centralizes our process and that’s why I think it’s worth opening this vote before doing it.
Increasing the security in case of future conflicts “The problem of decentralizing states is defence, and the problem of decentralizing daos is password management :-D”
Access can be revoked when members are not contributing on a task anymore
Every reset (2 month) restricts access to inactive contributors and/or to people with previous access who have broken the code of conduct.
Centralize power and the consequences of that.
Add bureaucratic steps
Sharing access isn’t much different from sharing credentials, people with it can do the same except sharing access with third parties.
On our platforms such as GitHub or Discord. In my opinion we are doing a great job. We have different projects with different members with powers, for example we have Gitbook admin powers on 1 account. Then we have Github where there are many contributors but at the same time the contracts are on another repo where there are not many contributors. And we could adapt the rules in the future if we as a community want to.
Regarding the process on sharing access for example we could add a Typeform with questions like asking for handle, which platform do the contributor need access to and what it’s the job going to be done on that platform (to decide what kind of access we should give) And the results of the typeform could be share on the stewards chat with a poll and if no one is against on 24hrs we give the access corresponding to that Typeform. This process would have a delay of 48h more or less.
I suggest we do an audit on our access document on the gibook every 2 month and setup Dashlane with Zep and Chuy as admins that will held Twitter and Gmail (Youtube, Medium Hubspot and Google Analytic), the reasoning it that we both are who have 2FA right now and at least for comms I feel it make sense for efficiency and it can always change if we have a further discussion on who and why show held the credentials.
- Add dashlane and the new process to give credentials
- Add dashlane but not the process to give credentials
- Keep using keybase