| ▲ | crote 6 hours ago | |
The agent can't exactly show up to an in-person key signing party, can it? And how many people are both dedicated enough to go to key signing parties and stupid enough to let an agent act without supervision in the name of their real-world identity? | ||
| ▲ | brazzy 2 hours ago | parent [-] | |
If gpg-style web of trust became ubiquitous, it would require correspondingly less dedication. And on the other hand, if this was actually working up to an xz style supply chain attack, the dedication would certainly not be lacking. | ||