Rare condition incompatibility of public key

Robert J. Hansen rjh at sixdemonbag.org
Mon Dec 1 07:00:29 CET 2008


David Shaw wrote:
> I think that last question is irrelevant, as it follows from the
> "doesn't trust versions that Phil hasn't worked on", which makes it
> derived from a false premise.  It does not matter whether Phil has
> worked on 7.0 and later, or indeed any version of PGP, because Phil
> being involved does not ipso facto cause PGP to be good (for whatever
> value of "good" you like).

Warning to all: I am going to be even more blunt and direct than usual.
 If my usual level bothers you, as I know it does for some people, you
may wish to just hit 'delete' and move on.






It does if your definition of "good" is "Phil Z. worked on it."

I agree that the axiom is crazy, but it doesn't do much good to tell
someone "your axiom is crazy, change it" if they're not capable of
either (a) understanding why their axiom is crazy or (b) how to apply
their new axioms in a consistent way.

In my experience it works better to say "well, assuming /arguendo/ that
you're right and nothing non-PRZ related should be trusted, why aren't
you trusting these things PRZ is involved in?".  That gets people
thinking logically and critically about how their policy decisions
evolve from their axioms.  Once they have some experience at critical
thinking with respect to trust, then it's time to say "so, if we were
going to draft new axioms from scratch, what should they be and why?"

I fully agree that the axiom is somewhere between "crazy" and "grossly
misinformed."  Unfortunately, in my experience the overwhelming majority
of users don't understand trust, don't want to understand trust, and run
away screaming when asked to think about trust in a logical manner.  You
have to bring them to rationality slowly and in infinitesimally small doses.





More information about the Gnupg-users mailing list