Ah, the vagarities of the trust metric. I note with not- quite-amusement that my cert level flipped between observer and apprentice without any of my actual certs changing. This seems a bit falicious, to say the least. I'm sure there's an explanation/discussion posted in one of the multiple threads about the trust metric, but I don't have the time or interest to read them all.

In real life, I've been busy configuring Portsentry and Logchecker on most of the systems at work. I've still got the list of people for the handbook, but I haven't even had time to get email addresses correlated yet.

My wife has landed a job in Winchester, VA, so I'm starting to think about possibilities for relocating to the NOVA area. If anyone has an openning, let me know at dhagan@vt.edu (no attachments please). :-) I'd be interested in security or UNIX administration/development work.

Well, I've winnowed the list down to 532 'probables' for the people who need to be added. Now comes the fun part -- DocBook'ing them into the Handbook....

I think I'll just save that for tomorrow.

Well, I'm starting to compile a list of the people who have contributed to the FreeBSD project but aren't on the list of contributors. This is mostly a chore of personal curiosity combined with the desire to Do Something That Needs Done (tm). Right now I'm just starting out by grepping out all the Submitted by: lines from the CVS logs for the ports tree. I'll have to go back and do the other trees later.

Just a note to those who are committers, if you all could decide on a standard format for the Submitted by: line, it would make stuff like this infinitely easier. I hate editing 2000+ lines by hand to get everything into the same format....

Well, the documentation still doesn't mention the dimwit cert, but the recent diary by kelly is a 'sort-of explanation'. (At least, it explains how she views the certs, and thus makes me comfortable with their social import: namely, none :). ) Of course, she's also changed her cert to Aprentice now, so the issue is a bit moot at this point.

Certification Weaknesses

It would be interesting to see a discussion of the weaknesses of the certification system used here. I've been mulling over the concept, but I'm not ready to point out any real weaknesses yet. While the system does seem interesting in its ability to prevent external attack, I'd be interested to know the behavior of the system under internal division (i.e. the result of phk's article on Romeo & Juliet). I think a vulnerability of the current system may be that the seeds are too closely related. Given a small project (Jabber perhaps?) that is only loosely connected to the seeds, revocation of those few certs by irrate readers could decertify the entire group. What concerns me most about this possibility is the (possibly great) number of members of the sub-group who are not participating in the 'war' and could be decertified for no reason.

This certainly seems to indicate that not only is dense certification necessary, but that mature/lenient attitudes should be taken by those who certify others. Perhaps raph's comments about dense certification graphs have caused people to be overly enthusiastic with their certifications. Once they become more familiar with the people they have certified, they desire to 'de-certify' the person (hence reclassifying people like phk as dimwits).

My personal opinion is that the certs should be based on contributions to OSS and not the person's latest article. What particularly concerns me is not the people who certified phk as dimwit without knowing much about him, it's the people who had certified him as something else and changed their cert to dimwit because of the article he posted. If you thought phk's contributions to the OSS community where good enough for a cert before, why did the article suddenly change your mind? While the article could have been better tailored to the audience and phk's intended point, it certainly wasn't enough to erase his prior contributions to the community.

Maybe I'm just overlooking the role of petty politics and personal revenge in Advogato's system; the funny thing is I thought politics and revenge didn't really belong there to start with. Formal systems can never solve the trust problem in its social context, and this is probably one of the few forums that the members are qualified to understand that weakness and thus self-moderate their behavior to compensate for it.

Hmmm, I don't know what to make of the Dimwit cert from kelly. I assume it is related to her 'revoking' her certs for people as mentioned in her diary. It would be nice if the documentation mentioned the Dimwit category somewhere. Then I could decide on whether to be insulted or not :).