[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Call for keys for keysigning in Edinburgh during DebConf7

Manoj Srivastava escribió:
>         I think you are ignoring human nature, and human capabilities,
>  and thus, in my opinion, this stance is unrealistic.  Were we all like
>  the leading resident of smallville, OK. But most attendees were not
>  born on Krypton.
> 
>         In theory, you are right. In practice, in the real word, with
>  humans instead of simulacra, this reasoning falls flat on its face.

In real world, you have to have common sense and precisely, not expect
everybody to behave as you are pretending personally or as you want
them, even when they are Debian developers, crackers or both, with or
without knowledge of the status.

> > madduck did not broke the keysigning party, but broke people that
> > trusted his ID and signed his key, IMNVHO.
> 
>         I am afraid I find such reasoning facile, and all too apologist
>  for crackers.  It is never the ault of the bank robbers, it is the bank
>  fault since they did not have better security dvices in place.  It is
>  never the fault of grifters, it is always the victims fault.

It's the victims fault if they trusted people blindly. The bank is
doors-open and the vault is lock free, just simply, do not rob us. Okay?
Agree? Okay, come in! Our bank trust you as a customer! Wait, sir! What
are you doing! Leave those money bags! Sir! Police!

The web of trust will not allow you to trust people blindly, but to
trust they are who they say they are by any level of security you have
applied on the analysis. To be honest, I don't trust many people and
exactly because people is not from Krypton: I know I can trust my
fiance, my mother, my father, my sis and that's all. I don't fully trust
you, or Gunnar Wolf, or madduck or the guy on the power that tells me
that a better future is coming. I don't understand why you had to trust
in people. The web of trust is a different thing of trust, it's about
identities, not trusting people they won't cheat on you or lift your
wallet.

>         I had pointed out last year about the difference between a res
>  team attack and what happened last year:
>   http://lists.debian.org/debian-devel/2006/05/msg03011.html
> 
>         And before you get on your high horse again, look at what
>  madduck said himself:
>   http://lists.debian.org/debian-devel/2006/05/msg03033.html
> 
>         Better yet, go read all the threads concerning the event from
>  last May, and come back if you have anything new to add.

I did last year, no need from you to tell people what to do. I attended
the KSP, refused to sign madduck and stayed away from the discussion on
the list since most people there reduced to whining on how he made fun
(or call it the way you really want, it's up to you) of, by cracking a
human system that is, precisely crackable, because it's driven by
humans, for humans, just like any other freaking system, like, for
instance, the NM process.

-- 
David Moreno Garza <damog@ciencias.unam.mx> | http://www.damog.net/
 Saca tus alas y empieza a volar.
Reply to: