Better communication for authority operators, core developers in emergency situations

When in danger or in doubt, run in circles, scream and shout!

traditional motto, possibly naval.

When the bug behind #2664 (moved) happened, it took us a few hours to notice. That was bad, and #2666 (moved) is about trying to notice such situations faster. But another problem is that even after we noticed, it still took a while to sort out who knew how best to contact which operators. Probably developers should get contacted too, so they can be available to deal with bad/urgent bugs.

We should figure out, for each authority operator and core developer[*], the best two or three ways to contact them in the case of an emergency. If these ways are not something we want to publish (e.g., phone numbers), a few people should know them, and all Tor people should know who those people are and how to contact them in a hurry.

We should have some emergency-response mechanisms in place. If communications are security-sensitive, we should have a way to deal with it in place, rather than the current approach of "send gpg-encrypted email to those people whose keys you happen to have" or "immediately go dark, use OTR to talk pairwise to people you know". Those approaches scale badly; we can probably do better.

We should also have planned responses for emergency events like "A key server looks like it might have been compromised"; "somebody has reported a vulnerability"; "somebody has disclosed a vulnerability"; "one or more authorities have gone down strangely;" "looks like the network is crashing;" and so on.

[*] "core developer" is here defined as "a developer who is likely to needed urgently when something breaks."

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information