alexjurkiewicz 20 hours ago

The Web of Trust failed for PGP 30 years ago. Why will it work here?

For a single organisation, a list of vouched users sounds great. GitHub permissions already support this.

My concern is with the "web" part. Once you have orgs trusting the vouch lists of other orgs, you end up with the classic problems of decentralised trust:

1. The level of trust is only as high as the laxest person in your network
2. Nobody is particularly interested in vetting new users
3. Updating trust rarely happens

There _is_ a problem with AI Slop overrunning public repositories. But WoT has failed once, we don't need to try it again.

Animats 17 hours ago

> The Web of Trust failed for PGP 30 years ago. Why will it work here?

It didn't work for links as reputation for search once "SEO" people started creating link farms. It's worse now. With LLMs, you can create fake identities with plausible backstories.

This idea won't work with anonymity. It's been tried.

javascripthater 19 hours ago

Web of Trust failed? If you saw that a close friend had signed someone else's PGP key, you would be pretty sure it was really that person.

chickensong 4 hours ago

I'm not convinced that just because something didn't work 30 years ago, there's no point in revisiting it.

There's likely no perfect solution, only layers and data points. Even if one of the layers only provides a level of trust as high as the most lax person in the network, it's still a signal of something. The internet will continue to evolve and fracture into segments with different requirements IMHO.