nothien at uber.space nothien at uber.space
Fri Mar 5 13:25:14 GMT 2021
- - - - - - - - - - - - - - - - - - -
"Drew DeVault" <sir at cmpwn.com> wrote:
I disagree with any feature which involves the client periodically
requesting a specific file from the server, for reasons we should
probably not re-hash.
The intention is not for ordinary clients to have to do this (unlessthey want to), but for servers distributing these trust lists to performthis verification/update.
Why use a technical solution when a social solution would be suitable?
A much easier way is to simply announce the upcoming cert change in
your gemlog.
Petite Abeille has addressed this neatly:
Because of the scale of the network.
Such "social" approach works in the small, but doesn't scale.
It simply moves the problem around: now the burden of proof is on the
user to check some sort of "announcements" and act on it meaningfully.
Each and every single time.
~aravk | ~nothien