[pas]

... if we want security it needs trust anyway. it doesn't matter if it's amazing Code GPT or Chad NSA, the PR needs to be reviewed by someone we trust.

it's the trust that's the problem.

web of trust purists were right just ahead of the time.

[bee_rider]

It would actually be sort of interesting if multiple adversarial intelligence agencies could review and sign commits. We might not trust any particular intelligence agency, but I bet the NSA and China would both be interested in not letting much through, if they knew the other guy was looking.

[ecshafer]

That is an interesting solution. If China, US, Russia, EU, etc all sign off and say "yep this is secure" we should trust it. Since if they think they found an exploit, they might assume the other people found an exploit. This is a little bit like the idea of a fair cut for a cake. If you have two people that want the last slice of cake, you have one cut and the other choose the first slice, since the chooser will choose the biggest slice, so the slicer knowing they will get the smaller will make it as equal as possible. In this case the NSA makes the cut (the code), and Russia / China chooses if its allowed in.

[Muromec]

NSA makes the cut and China picks the public key to use.

In all seriousness, those people will quickly find some middle ground and will just share keys with each other

[bee_rider]

Maybe also throw EFF into the mix.

[grepfru_it]

this is why microsoft bought github and has been onboarding major open source projects. they will be the trusted 3rd party (whether we like it our not is a different story)

[cqqxo4zV46cp]

That just…doesn’t make any sense.

Everyone starts from zero and works their way up.

[pvg]

Chad NSA

It's called the ANS is Chad.