Jack Lloyd spake unto us the following wisdom:

> On Tue, Aug 01, 2006 at 04:25:33PM -0400, Ethan Blanton wrote:
> > So, not to get into a big long PGP discussion here, but this is really
> > not that useful. I'm well-signed into the strongly connected subset,
> > myself, but that doesn't directly translate to anything particularly
> > valuable -- for example, I can find paths of length 3 from myself to
> > Graydon, and similar from myself to you, but those paths are *not* via
> > signers whom I trust, and as such they are not particularly useful to
> > me. It doesn't really matter to me that some guy I don't know from
> > Adam has signed your key, regardless of how well I may know and trust
> > the first link in the chain.
> >
> > So, while increasing the size of the strongly connected set is
> > academically interesting and makes for an amusing popularity contest,
> > it's not really useful for something like file distribution.
>
> I would have to disagree. While I have no chain of signatures to
> Graydon's key, having it stored in my keyring means that if and when
> venge.net is compromised and the monotone source code backdoored, I
> would be able to detect that (assuming I checked the sig), unless
> venge.net was compromised at the point when I got the key from
> there. The fact that I can't actually verify the key corresponds to an
> entity known in the real world as "Graydon Hoare" (assuming such an
> entity actually exists) is meaningless.

This is really an entirely different issue. "I have a key purporting to
be Graydon's key, have had it for X amount of time, and have had no
reason to disbelieve that it is his" is very similar to my kernel
signing key example; I think we're violently agreeing. :-) The point is
that the web-of-trust signatures which are more than one-hop removed
from me are not part of this equation -- *anyone* can create a key and
put my name at the top, or Graydon's name at the top, or whatever, and
get *someone* to sign it.

> Shipping the PGP fingerprints (or keys) of the developers in the
> source distribution would also make for a decent transitive trust
> situation. If you trust a tarball enough to compile the code and run
> it, you should also be able to trust the keys contained therein are
> ones you want to trust (for the purposes of verifying future monotone
> builds, at least).

Agreed, particularly after some number of releases continue to attest
to the same information.

Ethan

--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
                -- Cesare Beccaria, "On Crimes and Punishments", 1764
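The two mechanisms the thread settles on, keeping a key you obtained once and trusting it until it changes, and shipping developer fingerprints in each release so later releases keep attesting to the same keys, can be written down as a small pin store. The following is an added example, not code from this thread or from monotone; the "name: fingerprint" file format and every name and fingerprint in it are constructed for illustration.

```python
"""TOFU pinning of developer key fingerprints shipped in a release tarball. Added
example, not monotone's code; the file format, names and fingerprints are made up."""
import re

def normalise(fpr: str) -> str:
    f = fpr.replace(" ", "").upper()  # accept the usual 'XXXX XXXX ...' layout
    if not re.fullmatch(r"[0-9A-F]{40}", f):  # OpenPGP v4: 160-bit SHA-1, hex
        raise ValueError(f"not a v4 OpenPGP fingerprint: {fpr!r}")
    return f

def parse_fingerprint_file(text: str) -> dict[str, str]:
    """Parse one release's 'name: fingerprint' lines; blanks and '#' comments skipped."""
    shipped = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, fpr = line.partition(":")
            shipped[name.strip()] = normalise(fpr)
    return shipped

def check_release(pins: dict[str, list], shipped: dict[str, str]) -> dict[str, str]:
    """Compare a release against pins {name: [fingerprint, releases attesting]}.
    NEW = first sighting (trust on first use only); CONFIRMED = one more release
    attests to the same key; MISMATCH = the key changed, the tampered-distribution
    case the thread describes, and the old pin is kept so the change cannot win."""
    verdicts = {}
    for name, fpr in shipped.items():
        if name not in pins:
            pins[name] = [fpr, 1]
            verdicts[name] = "NEW"
        elif pins[name][0] == fpr:
            pins[name][1] += 1
            verdicts[name] = "CONFIRMED"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts

# Constructed sample: releases 1 and 2 agree, release 3 ships a changed key for bob.
ALICE = "1234 5678 9ABC DEF0 1234 5678 9ABC DEF0 1234 5678"
BOB = "FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98"
RELEASES = [
    f"# developer keys\nalice: {ALICE}\nbob: {BOB}\n",
    f"alice: {ALICE}\nbob: {BOB}\n",
    f"alice: {ALICE}\nbob: DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF\n",
]

def run_sample() -> list[dict[str, str]]:
    pins: dict[str, list] = {}
    return [check_release(pins, parse_fingerprint_file(r)) for r in RELEASES]
```

A MISMATCH on a key that several earlier releases confirmed is exactly the signal Jack describes: the only way it is missed is if the very first copy of the key was already the attacker's.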
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel