Hi! Thanks for making Radicle, I’ve been playing with it for a bit and it’s a very cool system.

I have a question about the protocol and security model of Radicle, and wasn’t sure where else to ask. Specifically I’m curious how Radicle behaves in the case of historical keys being compromised:

Lets assume I have a repo with 5 delegates, and in the usual case there’s a central node that’s advancing the repo’s HEAD after reviews etc (according to whatever criteria).

Occasionally that node’s key is rotated, and the rotations are signed by a majority of delegates.

Now assume that over time the node and all delegates change their keys at some point, and in a few years we have a completely different key set than at the beginning.

What happens if somebody gets ahold of a majority of keys that were valid in the past, constructs an alternative history for the repo and its identities, and starts seeding it?