Negative Certs: I have mixed feelings about negative certs. They may not be appropriate for Advogato, but in terms of a trust metric, they do make a lot of sense. Trust is not just measured in positive amounts. There should be a difference between ambivalence (Observer) and active distrust. If I have had a dealing with someone, and they acted in a dishonorable manner somehow, I should be able to publish that fact, to help others judge whether or not that person can be trusted.
As I've said, this probably does not make sense for Advogato. Ambivalence is adequate. Unless you think that someone stole code and published it as their own, and is a no-talent hack that has convinced everyone of their greatness, there is no need for negative certification. But I think that negative certs are extremely useful when transactions come into play. Any time someone actively violates a trust relationship, that should be noted. In the coming future of peer to peer transactions, I want to make sure that I'm only dealing with trustworthy people.
I had a kind of cool thought - combining UDDI with a trust graph, so I always find the best service provider. For that to work, though, negative certs need to be taken into consideration. Once you get to something like this, trust becomes more complicated. You have to consider *how* you trust someone. Trust is not all-encompassing. How we represent that is going to be an interesting policy issue. I could go on, but this is a rant for another day. ;-)