Comment by jancsika
7 years ago
> But there's nothing secure about the WoT.
I haven't read your blog, but this sentence unfairly paints WoT with PGP/GPG's problems.
It's completely reasonable to have a WoT that operates correctly when at least a single participant isn't completely incompetent. That's how git works.
I haven't looked closely but I'd be willing to speculate that PGP is to WoT what C++ is to fast compile times.
Just to drive the point home, compare:
* the amount of time some pedants waste at a PGP "key party"
* the time it takes me to accept a merge request from someone who made a commit in the gitlab UI using Internet Explorer on their grandparents' malware-laden Dell desktop
Both examples leverage WoT.
Edit: hehe I wrote PGP "key party" instead of "key signing party."