00 - Launch of Dispel Memo System

Date: November 24, 2025 Author: Dean and Chris From: C-Suite To: All Team Members Subject: Introduction of Secure Memo Management System
Download PDF Controlled copy — valid on date of download only

Purpose

This memo announces the launch of the Dispel Memo system, a secure and verifiable memo management platform that leverages git version control, GPG cryptographic signatures, and automated PDF generation to ensure the authenticity, traceability, and professional distribution of organizational communications.

Background

Sometimes things get lost in Slack. Well no more. The problem that these memos will solve is to provide clarity around important decisions and information as they get disseminated to the team at large.

About our memos

Traditional memo distribution methods lack cryptographic verification, version control, and audit trails. The Dispel Memo system addresses these limitations by:

  • Cryptographic Verification: All memos are signed via GPG-signed git commits, providing mathematical proof of authorship
  • Complete Audit Trail: Full version history tracked through git, showing all changes and contributors
  • Automated Workflows: GitHub Actions automatically convert memos to professional PDFs
  • Access Control: CODEOWNERS file ensures proper approval before memo publication
  • Professional Output: Consistent formatting across all memos using Markdown or LaTeX templates

Key Features

For Memo Authors

  • Simple Markdown Format: Write memos in plain Markdown with familiar syntax
  • Advanced LaTeX Option: Use LaTeX for complex formatting requirements
  • Template System: Pre-configured templates ensure consistency
  • Automatic PDF Generation: Push your memo and PDFs are generated automatically

For Reviewers and Approvers

  • Code Owner Review: CODEOWNERS file automatically assigns reviewers based on business unit
  • Pull Request Workflow: All memos go through review before publication
  • Branch Protection: Required approvals and signed commits enforced by GitHub
  • Signature Verification: Verify authenticity using git verify-commit or git log --show-signature

For Compliance and Audit

  • Immutable History: Complete record of all changes, authors, and approvers
  • Cryptographic Proof: GPG signatures provide non-repudiation
  • Automated Signature Report: GitHub Actions generates signature verification reports
  • Business Unit Segregation: Organized directory structure by department

Repository Structure

Memos are organized by business unit:

memos/
├── corporate/     → Executive and organization-wide communications
├── security/      → Security team memos and incident reports
├── operations/    → Operations procedures and updates
├── engineering/   → Technical decisions and architecture docs
├── sales/         → Sales team communications
└── marketing/     → Marketing team memos

Each directory has designated code owners who must approve changes.

Getting Started

For All Team Members

  1. Review Documentation: Read README.md and GOVERNANCE.md in the repository
  2. Set Up GPG Signing: Follow instructions in README.md to configure GPG keys
  3. Add GPG Key to GitHub: Upload your public GPG key to your GitHub account
  4. Verify Repository Access: Ensure you have appropriate permissions for your business unit

For Memo Authors

  1. Clone Repository: git clone git@github.com:YOUR_ORG/dispel-memo.git
  2. Create Feature Branch: git checkout -b corporate/my-memo-topic
  3. Copy Template: cp memos/template.md memos/corporate/2025-11-03-my-memo.md
  4. Write Memo: Edit the memo file with your content
  5. Commit with Signature: git commit -S -m "Add memo: My Memo Title"
  6. Create Pull Request: Push branch and create PR for review
  7. Request Approval: Code owners are automatically assigned as reviewers

For Repository Administrators

  1. Configure GitHub: Follow GITHUB_SETUP.md for complete setup instructions
  2. Update CODEOWNERS: Replace placeholder usernames with actual GitHub accounts
  3. Set Branch Protection: Enable required reviews and signed commits
  4. Add Collaborators: Grant appropriate access to team members
  5. Verify Workflows: Test GitHub Actions workflow with a sample memo

Security Considerations

  • GPG Keys: Keep private keys secure and backed up
  • Hardware Security Keys: Consider using YubiKey or similar for GPG operations
  • Key Rotation: Establish policy for key expiration and renewal
  • Access Reviews: Regularly audit repository collaborators and permissions
  • Signature Verification: Always verify signatures before trusting memo authenticity

Next Steps

  1. Repository administrators: Complete GitHub setup per GITHUB_SETUP.md
  2. All team members: Set up GPG signing within 14 days
  3. Business unit leads: Review and update CODEOWNERS for your teams
  4. DevOps team: Monitor GitHub Actions workflow success
  5. All team members: Attend training session (to be scheduled)

Support and Documentation

  • README.md: General usage instructions and quick start guide
  • SETUP.md: Local development environment setup
  • GOVERNANCE.md: Approval workflows and governance procedures
  • GITHUB_SETUP.md: Complete GitHub configuration guide
  • Questions: Contact repository administrators or open a GitHub issue

Signature:

This memo was signed via git commit. Verify authenticity using git log --show-signature

Document Provenance

Last ModifiedNovember 24, 2025 at 17:03 -0500
Authorunknown
Signature Not signed
Commit5a7bc06 View on GitHub
File HistoryAll changes

Other Memos in Corporate

← Back to all memos