Security celebrities have been shitting on the PGP Web Of Trust as an idea we should abandon in favor of centralizing trust on corpos.

Meanwhile the internet is filling with AI bots using fake corpo accounts and no one can tell who is human anymore. Huh.

WoT has never mattered more, and it is time we anchor modern tooling back to the human roots that built the internet.

My fellow [Stageˣ] maintainer Kron, Zoë Finja Emilia makes a strong visual case.

https://kron.fi/en/posts/stagex-web-of-trust/

As the founder of the Stagex Linux distribution and a California resident, my official position on operating system age verification mandates is that I personally will not implement it, and I doubt anyone else will.

Our decentralized and multi-party cryptographic signing design means no single person or entity has the power to make changes to the distribution alone.

But please, California lawmakers, try to make me. I would get off on making you look like idiots in court.

That is all.

Veritasium just dropped a video on ethics of the FOSS movement, right to repair, digital sovereignty, and the idea that closed source software has absolutely no role in supply chain security.

In recent years my teammates and I have shifted our entire careers to FOSS supply chain security engineering in spite of constantly being told our work is a waste of time. We feel seen!

https://yewtu.be/watch?v=aoag03mSuXQ

Shameless plugs @ https://caution.co https://distrust.co and https://stagex.tools

I wonder if there were people that thought Stallman was a bad person for using a proprietary compiler to build the first version of GCC.

I exclusively write FOSS, but sometimes I don't understand the purity tests of the FOSS community.

As long as a PR author fully read the the code, and it was not largely copied from any other project, I don't care what kind of autocomplete magic was used.

FOSS is at too big of a disadvantage to be picky about useful contributions that respect the license.