Discussion: tarball signing practice

We recently started signing release tarballs with multiple keys. As that imposes some overhead in the release process, it might need further discussion.

• Do we want to keep this practice (multiple signatures)? What are the benefits and drawbacks?
• Is the keyring management good enough?
• Can we simplify the process by automation, e.g., by signing with a vault key shared by multiple people as in libreswan?