On Sunday 08 January 2006 07:53, Mark A. Taff wrote:
See, and this trust model is the exact reason that PGP public key encryption is rarely used in the real world. This model _just doesn't work_ in the real world.
Of course it works. It's just that people in general don't know or care about security. Your entire mail, for example, is more of an incantation than anything else: "Linux is secure, linux is secure". Well, it is, but not if people behave the way you suggest
I don't read the source code for every piece of code I install. And I don't read/write my own compiler, either. I trust the free market of free software.
I trust suse to give me a basic system. I further trust certain third party packagers like packman. For each of these, I had to take the plunge and trust them initially, and they have since proven to be worthy of my trust.
The problem is that without signatures, you have to trust much more than just the packagers. Trustworthy signatures would mean you only had to trust the packagers (and the developers of gpg), but without them you also have to trust the admins of the repositories and their mirrors, their honesty, their competence, their diligence, their backups for when they get sick etc. etc. etc. That's more trust than I can muster
For the record, I really don't trust the centralized model you propose. I much prefer the decentralized market trust model. If nobody complains your packages are bad, I will operate with the working assumption that they are aren't bad.
This is why so many windows users are happily running trojans, backdoors and zombies and don't know a thing about it
Yes, if a repository got cracked, it could cause some issues. But really, it is normal for there to be consequences when a system gets cracked. In this case, it is a minor issue. I simply remove the damaged repository from my sources list, and reinstall any potentially damaged applications.
heh, that's funny
Your "solution" doesn't actually solve anything in the real world. A distributed reputation-based system _does_, and it has several millenia of history to prove the model works...
Not really