[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fingerprint of the archive signing key

On Tue, Jun 29, 2004 at 06:05:58PM +0100, Colin Watson wrote:
> On Tue, Jun 29, 2004 at 09:29:51AM -0700, Brian Nelson wrote:
> > martin f krafft <madduck@debian.org> writes:
> > > Andrew Suffield wrote:
> > >> There's no such thing as a trustworthy company.
> > >
> > > You're funny.
> > 
> > And he also speaks the truth.  Think about it.  What motivation does a
> > company have to be trustworthy?  The /appearance/ of trustworthiness may
> > matter since in this case, it would affect the bottom line.  However,
> > any company would do something dodgy to make an extra buck as long as
> > its outward appearance was not affected.
> If you know people in the company, you may well have good reason to
> believe that they would blow the whistle very loudly if the company were
> doing anything dodgy, and would be well-placed to know about the
> dodginess and sometimes to stop it in advance. (I can think of a couple
> of companies where I know this to be the case.)

So, in a roundabout way, you're supporting what Andrew said.  There's no
such thing as a trustworthy company.  Only trustworthy people.  In the same
way as you may trust an otherwise unknown key because someone you really
trust says it's OK, similarly you might trust a company because someone you
really trust says it's OK.

But companies survive beyond the participation of their constituent
individuals.  That's how good companies go bad -- the good people leave, to
be replaced by rapacious individuals you wouldn't trust with a bent penny. 
And Brian Nelson's comments apply in full force.

Companies are effectively schizophrenic[1] -- one day they're controlled by
one mind, the next by another.  You just can't trust an entity that may
totally change it's mind, and only has the moral compass which is in the
controlling mind of the minute.

- Matt

[1] Used in the lay sense of the word, not the strict medical sense.

Reply to: