← Back to context

Comment by jancsika

7 years ago

> But there's nothing secure about the WoT.

I haven't read your blog, but this sentence unfairly paints WoT with PGP/GPG's problems.

It's completely reasonable to have a WoT that operates correctly when at least a single participant isn't completely incompetent. That's how git works.

I haven't looked closely but I'd be willing to speculate that PGP is to WoT what C++ is to fast compile times.

Just to drive the point home, compare:

* the amount of time some pedants waste at a PGP "key party"

* the time it takes me to accept a merge request from someone who made a commit in the gitlab UI using Internet Explorer on their grandparents' malware-laden Dell desktop

Both examples leverage WoT.

Edit: hehe I wrote PGP "key party" instead of "key signing party."