How to deal with a person leaving an organization?

[thomasjfox]

Imagine crev is set up at an organization using the recommended "root id" trust model. This root id then signs all individual crev ids.

Long-year senior developers would get a "high" trust level, while short-term (f.e. six month period) rookie interns would get a "medium" trust level in the beginning.

All reviews and trust proofs would be published on a shared public github repo, so the community can benefit from the reviews, too.

How should someone leaving the organization be handled?

Ideally the crev root id would issue a new trust level of "none" on the last day of the person at the organization, but that invalidates all existing reviews of that individual crev id in my experiments.

Would crev be able to take into account the date a review was done and then check if a id was trusted at that moment? Of course if the "nuclear" distrust option is used, no reviews from that id would be trusted anymore.

If date based trust calculations are too complex or don't make sense, I could imagine the following, more simple solution:

A subcommand to sign existing proofs with another id in an automated way. This id could be even an "anonymous" organization wide id for this exact purpose.

crev proof find --author id already lists all proofs of an individual id. So it could be crev proof reissue --author id and also filter by --crate and --vers to load existing reviews and sign them with the current id (asking for the password just once ;)).

I think such a subcommand could also help if an id was compromised but one knows old reviews are fine and should be "rescued". It would also help with "migration to a new id" and then revoke trust on the old id.

[dpc]

I'm reluctant to increase complexity of WoT calculation, as it affects potentially everyone (all implementations) and it's tricky enough already to implement and reason about.

My intuition tells me that it might be easier to provide a good export + import mechanism, so that organization can just export all the existing reviews, and re-sign them as some other identity, that they trust (one shared "past members", or just per-person ID "past archived reviews of X")

So when someone leaves the organization, the organization marks them trust: none and re-publishes existing proofs under new trusted ID.

[thomasjfox]

So when someone leaves the organization, the organization marks them trust: none and re-publishes existing proofs under new trusted ID.

this can now be done with the proof-of-concept "proof reissue" command implemented here: #493

It worked exactly as described above.

[thomasjfox]

I think we can mark this one as implemented answered.

Thanks for the quick code review and merge.