generated from coulomb/repo-seed
Add signed custody roster workflow
@@ -239,6 +239,24 @@ are missing, the emergency drill is not recorded, no independent future quorum
|
||||
holder is recorded, and the temporary Audit Core risk posture has not yet been
|
||||
accepted or replaced by a production sink.
|
||||
|
||||
**2026-06-02:** Replaced the loose single escrow-holder planning gate with a
|
||||
signed two-of-three custody roster. The repository now carries a fake-data
|
||||
example plus console/Make targets to print a roster template, validate the
|
||||
roster, sign the ignored local roster with SSH namespace
|
||||
`netkingdom-custody-roster`, and verify the detached signature. Real holder
|
||||
contact records belong only in `.local/custody-roster.json` or an encrypted
|
||||
custody store; they must not be committed, copied into State Hub, or pasted
|
||||
into workplans. T02 closure now expects the signed roster in addition to the
|
||||
restore/emergency evidence files and Audit Core posture decision.
|
||||
|
||||
**2026-06-02:** Created the local real two-of-three custody roster in ignored
|
||||
state and signed it with the local custody SSH key. `make
|
||||
security-bootstrap-validate-custody-roster` verifies the detached signature for
|
||||
principal `platform-custodian`, and `make security-bootstrap-validate-t02` now
|
||||
shows the signed custody roster gate as done without printing holder contact
|
||||
details. T02 remains open for emergency seal/unseal drill metadata, the Audit
|
||||
Core retention/risk decision, and the real restore/emergency evidence files.
|
||||
|
||||
### T03 - Close Trial Taint And Retire Bootstrap Admin Paths
|
||||
|
||||
```task
|
||||
|
||||
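Review bot: The two 2026-06-02 entries name the SSH namespace `netkingdom-custody-roster` and the principal `platform-custodian`, but neither says which allowed-signers file or public key fingerprint the verify target trusts. If that mapping sits beside the roster in ignored local state, `make security-bootstrap-validate-custody-roster` only shows that the roster matches a key on the same machine. Please record where the trusted signer list is kept (a committed file or the encrypted custody store) and the expected key fingerprint. The second entry says the roster was signed "with the local custody SSH key", so it would also help to state that this single signature covers roster integrity and is not an acknowledgement by the three holders. Minor: the inline code span for `make security-bootstrap-validate-custody-roster` is wrapped across two lines in the second entry, which makes the target name harder to grep; keep it on one line.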