keyholder rotation

[jku]

The original intention was always to rotate the root-signing keyholders somewhat regularly but a real process for that was never setup. I think now is a good time to do that.

My instinct is to keep this as a minimal process:

• setup a workflow to open an issue once a year asking current keyholders to comment whether they're interested in continuing or not, and asking community members to suggest themselves or others as new keyholders. This issue can be left open for a few weeks and be advertized elsewhere, like general channel in slack
• New keyholders should be trusted members of the community who are willing to act as a keyholder for at least a year. The recommendation is that new keyholders do not have the same employer as other keyholders.
• Rotating threshold of signers (3) or more at once seems inadvisable (although it is possible)
• In practice current keyholders ultimately confirm who the new keyholders are (since their signatures are required for that) but I suggest in the event of no clear community consensus about this in the issue, the issue is raised to TSC who make a decision

CC @kommendorkapten, @haydentherapper @bobcallaway for any comments

[kommendorkapten]

I agree with this, last rotation was around 2 years ago IIRC.