I assume Linus would be slightly suspicious getting a pull request from 
himself. :)

But in cases where there's no obvious hierarchy for new users to enter the 
network, oversights like these are surely dangerous.  Unfortunately the free 
software community infrastructure has the same issues--
1) download all the public GPG keystores
2) count the total number of keys
3) generate that same number of keys, copying the name/email info you got
   from the keys in the keystore
4) graft the social graph (i.e., which keys signed which other keys) from the
   keystores onto the keys you generated, creating a kind of "shadow" keychain
5) slowly upload your "shadow" keychain back up to the public GPG keystores.
Voila!  Now you have two Richard Stallmans, two IOhanneses, two everything.  
Big deal.  But you also have the _exact_ same number of signatures on each key 
as the real keychain.  To the newcomer it's impossible to tell which is real and 
which is fake by counting the signatures.
I mentioned this to some GPG gurus, and they brushed it off because-- after 
all-- the "shadow" keychain just sits there on its own little island.  And 
that's true, until somebody accidentally signs something in the "shadow" 
keychain from the real one.
(I also watched a video of a security expert mentioning this same issue, which 
was alarming because I had always assumed I didn't understand well enough how 
the web of trust works...)

-Jonathan
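
An added illustration of the point in the message above (not part of the original e-mail, and not code from GnuPG or any keyserver): signature counts on a mirrored "shadow" graph match the real one, a path check from a key you verified yourself tells them apart, and one accidental cross-signature removes that separation. The names and signatures are constructed, and trust is simplified to plain reachability, ignoring GnuPG's owner-trust and depth settings.

```python
from collections import defaultdict, deque

# Constructed sample data: (signer, signee) pairs standing in for key signatures.
REAL = [("alice", "bob"), ("bob", "carol"), ("carol", "alice"), ("alice", "dave")]

def label(edges, island):
    """Tag each name with the island ('real' or 'shadow') its key belongs to."""
    return [(f"{island}:{a}", f"{island}:{b}") for a, b in edges]

def signature_counts(edges):
    """Number of signatures each key has received, indexed by bare name."""
    counts = defaultdict(int)
    for _, signee in edges:
        counts[signee.split(":", 1)[1]] += 1
    return dict(counts)

def reachable(edges, anchor):
    """Keys with a signature path starting at a key the user verified in person."""
    graph = defaultdict(list)
    for signer, signee in edges:
        graph[signer].append(signee)
    seen, queue = {anchor}, deque([anchor])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def shadow_reached(edges, anchor):
    """Shadow keys that a path check from `anchor` would end up accepting."""
    return sorted(k for k in reachable(edges, anchor) if k.startswith("shadow:"))

real, shadow = label(REAL, "real"), label(REAL, "shadow")
keyserver = real + shadow  # what a newcomer sees: both islands side by side
# One accidental signature from a real key onto a shadow key bridges the islands.
bridged = keyserver + [("real:bob", "shadow:carol")]

if __name__ == "__main__":
    print("counts identical:", signature_counts(real) == signature_counts(shadow))
    print("shadow keys reached, islands separate:", shadow_reached(keyserver, "real:alice"))
    print("shadow keys reached, after one bridge:", shadow_reached(bridged, "real:alice"))
```
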





On Tuesday, August 4, 2015 8:59 PM, Chris McCormick <ch...@mccormick.cx> wrote:

Ha ha:
https://github.com/amoffat/masquerade/commit/9b0562595cc479ac8696110cb0a2d33f8f2b7d29

Chris.
-- 
http://mccormick.cx/

On 01/08/2015, at 11:59, Chris McCormick <ch...@mccormick.cx> wrote:


On 01/08/15 04:12, Jonathan Wilkes via Pd-dev wrote:

And why do you prefer Github to Sourceforge?  What's different enough in
their business model that there is no inherent conflict between serving
the free software community on the one hand and monetizing their
users/userdata on the other?


"...GitHub has been called the 'Facebook for developers'..."

http://www.wsj.com/article_email/github-raises-250-million-at-2-billion-valuation-1438206722-lMyQjAxMTA1NjI1OTEyNzk0Wj

-_-

I still can't get gittorrent working properly, but I'm continuing to try. 
Hopefully it will mature.

Chris.

-- 
http://mccormick.cx/

_______________________________________________
Pd-dev mailing list
Pd-dev@lists.iem.at
http://lists.puredata.info/listinfo/pd-dev