On Sunday 08 January 2006 09:42, Anders Johansson wrote:
> On Sunday 08 January 2006 07:53, Mark A. Taff wrote:
> > See, and this trust model is the exact reason that PGP public key encryption is rarely used in the real world. This model _just doesn't work_ in the real world.
>
> Of course it works. It's just that people in general don't know or care about security. Your entire mail, for example, is more of an incantation than anything else: "Linux is secure, linux is secure". Well, it is, but not if people behave the way you suggest.
>
> > I don't read the source code for every piece of code I install. And I don't read/write my own compiler, either. I trust the free market of free software.
> > I trust suse to give me a basic system. I further trust certain third party packagers like packman. For each of these, I had to take the plunge and trust them initially, and they have since proven to be worthy of my trust.
>
> The problem is that without signatures, you have to trust much more than just the packagers. Trustworthy signatures would mean you only had to trust the packagers (and the developers of gpg), but without them you also have to trust the admins of the repositories and their mirrors, their honesty, their competence, their diligence, their backups for when they get sick etc. etc. etc. That's more trust than I can muster.
>
> > For the record, I really don't trust the centralized model you propose. I much prefer the decentralized market trust model. If nobody complains your packages are bad, I will operate with the working assumption that they aren't bad.
>
> This is why so many windows users are happily running trojans, backdoors and zombies and don't know a thing about it.
>
> > Yes, if a repository got cracked, it could cause some issues. But really, it is normal for there to be consequences when a system gets cracked. In this case, it is a minor issue. I simply remove the damaged repository from my sources list, and reinstall any potentially damaged applications.
>
> heh, that's funny
>
> > Your "solution" doesn't actually solve anything in the real world. A distributed reputation-based system _does_, and it has several millennia of history to prove the model works...
>
> Not really
No, the GPG model of trust is flawed because it doesn't accurately model trust in the real world. It depends on trust passing undiminished through n degrees of separation, and no rational person thinks that way. I might trust SuSE, but I don't trust them to say that anyone else is OK. _I_ will make decisions on who to trust, not delegate that responsibility to some third, fourth, or nth party. I mean, come on, just because I trust a person to write a decent program without backdoors, etc., doesn't mean I trust their judgment of others' character and intentions!

Linux _is_ more secure than Windows, and for now, it is secure enough. Perfect security isn't possible any more than perfect copy protection. What is important is to make the computer harder to compromise than the value of the compromised computer.

As for your crack about windows users happily running trojans, etc., this is because they don't care if their machine is compromised, not because nobody has complained about a specific virus/spyware/trojan. If you refuse to heed the warning the market provides, it is your own fault.

Yes, really. The reputation-based market model has been successfully handling this type of problem for millennia. Your centrally-planned model always fails outside of a controlled environment -- see government licensing, see pontifications on science, see pedophiliac priests, appeal to authority, et al.

Mark