On Mon, Sep 22, 2008 at 4:03 PM, Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote: >> formal trust metrics can be gamed. That's also how humans are >> wired. > > Sure, but not to any useful extent if they are person-centric and > there is no worthwhile gain. There is no spam in my RSS reader > and none in my Twitter timeline.
Okay, I concede: Once again I'm spouting straw men. Last year's flap with the possibly deliberate compromise of Debian ssh occurred at a high ring of trust that would have been the same with or without formal metrics. Or would formal metrics have raised flags early? Please, readers of the lists to which I post, alert me off-list if you feel David Nicol has been too free in sharing hypothetical contrarian positions of late; I'm experiencing guilt about wasting people's valuable time. (this, and the recent flip-flopping WRT autodie semantics.)
