On Mon, May 25, 2015 at 7:39 PM, Laura Creighton <l...@openend.se> wrote: > What people need to understand is that unless you want to stamp out > freedom altogether, there will be crime.
Or stamp out legislation altogether and have complete anarchy. There's no such thing as crime among animals, because there's no law beyond "survive". The solution isn't to try to eliminate crime, but to cope with it. Same with our own errors: accept and acknowledge that you WILL make mistakes, and cope with that. In a spiritual sense, that might define your religion; in a programming sense, that's exactly why we have source control, so we can find out what happened (and why) and fix problems once we find them. Would you use a program that got launched as version 1 and never changed? Would you trust it on the basis that it clearly has no bugs, because nobody's ever needed to fix any? I certainly wouldn't. Some things work well centralized, because differences are worse than slight benefits one way or another. In any given country, we usually all drive on the same side of the road. But a lot of things work better *de*centralized, so that if one person makes a mistake, other people can do things differently, and hindsight evaluation lets us choose which one to encourage. PyPI is decentralized; the Python standard library is centralized. The guardians of the latter are rightly slow to choose from multiple alternatives, preferring to let the decentralized collective mind of the former figure out which is the clear best - if there even is one. The best form of security is probably the GPG web of trust, being fundamentally decentralized and based on personal reputation. Imagine if, once you register a domain, you go talk to someone about getting a GPG key signed for it - or, better still, sign the server's key yourself, if you have a decent WoT for your own key (which I don't). It wouldn't be hard to use self-signed SSL certificates, sign those certs with a GPG key, and then let people download and install certs for anyone they consider trustworthy. In fact, this seems so obvious that I'm sure it's already been done. Trouble is, GPG isn't nearly well enough known for mass use... but it is going to be a lot more reliable than anything that depends on four countries' governments [1] agreeing. ChrisA [1] Yes, technically the United States of Europe is not a country. But just how structurally different is it from the United States of America? -- https://mail.python.org/mailman/listinfo/python-list