""Linux Foundation CEO Jim Zemlin issued a challenge to the members: LF itself needs decentralized trust solutions—starting with the #Linux #kernel project.

Jim explained the infamous XZ attack […]

Jim wanted a privacy-preserving solution that could protect any open source project by enabling developers to prove they were real persons with real first-person trust relationships—without requiring a centralized identity database.

[…]

Verifiable trust communities and verifiable membership credentials enable trust relationships to be verified not just within trust communities, but across trust communities. For example, a developer who is a member of one ​​open source project—such as the Linux kernel—could use that VMC to prove their credentials to a different open source project.

[…]

The goal is for the kernel project instance to be ready for maintainers to review at the Linux Kernel Maintainer Summit October 8 in Prague.""

https://www.lfdecentralizedtrust.org/blog/decentralized-trust-infrastructure-at-lf-a-progress-report

@kernellogger Did he just propose PGP/GnuPG web-of-trust? Isn't this like a 30 year old thing?

@krzk well, the text claims that "decentralized trust graph (DTG)" is supposed to "solve both the automation and scalability challenges of the web of trust model.". If that really is true: good question, I didn't care enough to really look deeply into this…

@kernellogger watching the video of the LF Member Summit presentation I was surprised by two things

1) They actually seemed to have a rudimentary discussion!
2) The attempt to capture the session was a complete failure: no video, no audio mic and presenters didn't repeat questions ... gosh I wish some related conference had worked out how to do this better so the LF could learn from it ...