Create developers security guidelines?
Talking with @gaba about https://gitlab.torproject.org/tpo/network-health/sbws and bwauths operational/infrastructure security guidelines (see tpo/community/relays#14 (moved)), we thought it might be interesting to have some guidelines for Tor developers.
For example, having a dedicated laptop for development or running Qubes on it, physical keys to sign releases or to deploy software via SSH.
I think there were some workshops in the past, but I don't know if there's something documented.
Maybe this issue doesn't belong to this project, but I created it here for now.