| 1 |
On Fri, Jan 6, 2017 at 5:48 PM, Kent Fredric <kentnl@g.o> wrote: |
| 2 |
> |
| 3 |
> More, the intellectual curiosity how we could improve the cryptographic |
| 4 |
> reliability of Gentoo in realistic terms via trust webs is a discussion |
| 5 |
> in itself. |
| 6 |
> |
| 7 |
> The main point of this thread was to attempt to create this web of |
| 8 |
> trust by forcing new users be signed. |
| 9 |
> |
| 10 |
> But the overall objective is not to deter contributors, but to improve |
| 11 |
> the WoT by realistic means. |
| 12 |
> |
| 13 |
> So exploring the mechanisms by which we achieve the WoT independently |
| 14 |
> of whether or not we make it a barrier to entry I think is the thing to |
| 15 |
> focus on. |
| 16 |
|
| 17 |
So, I was chatting with k_f about this on the side, but I think |
| 18 |
something you should look at is creating a voluntary framework to |
| 19 |
encourage this. Nobody is going to object to that, and it lets you |
| 20 |
get a sense of what it takes. If it works really well then maybe |
| 21 |
there would be interest in making it mandatory, and if nobody likes it |
| 22 |
then probably not. Either way though it probably will capture a lot |
| 23 |
of the value without becoming a barrier to anybody. |
| 24 |
|
| 25 |
This isn't unlike where we ended up in discussions around copyright |
| 26 |
assignment. For all of its benefits it also causes some sticky |
| 27 |
issues, and you can probably get 80% of the benefit on a voluntary |
| 28 |
basis, so that is the direction we've been moving in. |
| 29 |
|
| 30 |
-- |
| 31 |
Rich |
Archives