1 |
On Fri, Jan 6, 2017 at 5:48 PM, Kent Fredric <kentnl@g.o> wrote: |
2 |
> |
3 |
> More, the intellectual curiosity how we could improve the cryptographic |
4 |
> reliability of Gentoo in realistic terms via trust webs is a discussion |
5 |
> in itself. |
6 |
> |
7 |
> The main point of this thread was to attempt to create this web of |
8 |
> trust by forcing new users be signed. |
9 |
> |
10 |
> But the overall objective is not to deter contributors, but to improve |
11 |
> the WoT by realistic means. |
12 |
> |
13 |
> So exploring the mechanisms by which we achieve the WoT independently |
14 |
> of whether or not we make it a barrier to entry I think is the thing to |
15 |
> focus on. |
16 |
|
17 |
So, I was chatting with k_f about this on the side, but I think |
18 |
something you should look at is creating a voluntary framework to |
19 |
encourage this. Nobody is going to object to that, and it lets you |
20 |
get a sense of what it takes. If it works really well then maybe |
21 |
there would be interest in making it mandatory, and if nobody likes it |
22 |
then probably not. Either way though it probably will capture a lot |
23 |
of the value without becoming a barrier to anybody. |
24 |
|
25 |
This isn't unlike where we ended up in discussions around copyright |
26 |
assignment. For all of its benefits it also causes some sticky |
27 |
issues, and you can probably get 80% of the benefit on a voluntary |
28 |
basis, so that is the direction we've been moving in. |
29 |
|
30 |
-- |
31 |
Rich |