Management of code signing digital IDs and pvk files


This is a non-technical question:

I work in a group of 25+ developers, and we do NOT all report to the same
management. We create executables that we would like to digitally
sign. How can we manage the digital ID and pvk file so that we don't have
a single point of failure, and still maintain the security of the pvk?

1) Should we give out the digital ID + pvk pair to each developer? We
will be greatly reducing the security of the key this way.

2) Or should just one person be assigned the task of signing all
executables? This would be a single point of failure.

3) Or should a partial group (5 or 6) of developers be given the pair? This
seems a happy medium.

Any ideas would be greatly appreciated.

Note: We all "need" to use the same Digital ID + pvk pair.

Saqib Ali
