On Tue, Jan 05, 2021 at 09:46:01AM -0500, Robert J. Hansen via Gnupg-users wrote: > On Tue, 2021-01-05 at 15:38 +0100, Werner Koch via Gnupg-users wrote: > > Virtually nobody uses the WoT... > > Strangely, the Linux kernel folks still use it a decent amount. > They're the only large group I can think of offhand, though.
Debian is much larger, though they've been moving away from the web of trust based on keysigning and towards a scheme based around signed digital documents (same idea, but certificates aren't bundled with keys themselves). The use of WoT is not really that strange. WoT works better than most alternatives in setups with decentralized infrastructure. While kernel.org does act as a "certification authority" of sorts, we merely check and enforce the web of trust before issuing accounts. Every step of the process is transparent and can be verified, per this document: https://korg.docs.kernel.org/pgpkeys.html -K _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
