Please review the draft for May's report

Daniel Shahaf d.s at daniel.shahaf.name
Wed Jun 10 16:23:44 UTC 2020


> > Bernhard's point is that if Alice has a PGP trust path to a hash value
> > [e.g., if Bob signed some hash value and Alice trusts Bob's key], has
> > a file whose hash is that value, and the hash function is sufficiently
> > strong, then Alice may trust that file as well, _regardless of its
> > origin_.
> >
> > That's just the standard property of signatures.  If you're on a plane
> > and someone hands you a signed message that verifies to be from
> > a trusted key, then you can trust the message is from that key's owner
> > even if you don't trust whoever handed you the message.  
> Sure but I found it confusing in combination with the quorum logic. If I trust
> my 12 sock puppets, I can reach any quorum that only requires 5 signatures. Some
> slightly stronger concept of identity is needed if you go by a logic that says
> "at least 2 trustworthy rebuilders have to sign" so you don't fall vulnerable to
> wrench attacks.

If you trust a dozen sockpuppets, then you need to review your process
for deciding whom to trust.


More information about the rb-general mailing list