How do Grapheneos devs manage private keys?

TheLastAirbender

How do Grapheneos devs manage the private keys that are used to sign updates and releases? Who has accses to them?
Could a single person sign an update? Could those keys be stolen? I'm not saying i don't trust the devs, i'm just curious how to handle such sensitive data securely.

other8026

TheLastAirbender Some of what you're asking is answered by the official project account here: https://discuss.grapheneos.org/d/13522-protection-against-grapheneos-infrastructure-compromise/17

Freedomain

I would guess on safe offline computers which are really custom.