On Tue, Feb 04, 2014 at 02:38:11PM -0200, Giancarlo Razzolini wrote:
> On 04-02-2014 14:25, Marc Espie wrote:
> > making sure the users don't do anything stupid is the right part. 
> 
> As it has always been. People do stupid things. Even when they're not
> expected to. People who care about signed packages will go on further
> to verify things. If you care, do your homework. People who do not care,
> will blindly trust or not even know that things are signed. That's the
> beauty of signify. It works for both the stupid and the smart.

That's the motto "secure by default".

Does also mean "try to make sure things are reasonable by default, and that
people will naturally not do stupid things".

(e.g., https is not reasonable. By default, you get to trust a metric shitload
of authorities you really wouldn't want to trust)
