undefined | Better HN

0 pointsprogbits2y ago0 comments

> Getting punched in the face is actually a necessary human condition for a healthy civilization.

Aside from signed commits, we need to bring back GPG key parties and web of trust. When using a project you would know how many punches away from the committers you are.

0 comments

woodruffw2y ago

PGP is more famous for "web of trust" topologies, not chains of trust.

For all of their nerd cred, key parties didn't accomplish very much (as evidenced by the fact that nothing on the Internet really broke when the WoT imploded a few years ago[1]). The "real" solution here is mostly cultural: treating third-party software like the risky thing it actually is, rather than a free source of pre-screened labor.

[1]: https://inversegravity.net/2019/web-of-trust-dead/

2 more replies

EthanHeilman2y ago

The web of punches?

j / k navigate · click thread line to collapse