Summary: rotate the TPA "security liaison" role from anarcat to groente on 2025-11-19, after confirmation with TPA and the rest of the security team
Background
The security@torproject.org email alias is made up of a couple of
folks from various teams that deal with security issues reporting to
the project as a whole.
Anarcat has been doing that work for TPA since its inception. However, following the TPA meetup discussion about reducing the load on the team lead and centralisation of the work, we identified this as a role that could, and should, be rotated.
groente has been taking up more of that role in recent weeks, seems to be a good candidate for the job, and agrees to take it on.
Proposal
Communicate with the security team proposing the change, waiting a week for an objection, then perform the rotation.
This consists of changing the email alias, and sharing the OpenPGP secret key with groente.
It would mean that, in theory, i could still intercept and read messages communicated here, which I think is a perfectly acceptable compromise. But if that's not okay, we could also rotate the encryption key.
Timeline
- 2025-11-05: proposed to TPA
- 2025-11-12: proposed to the security team
- 2025-11-19: change implemented