"no matter how strong is the encryption, it's useless if one keeps the passphrase under his keyboard..."
i do have faith in the trust metric system, but we still have to do our part to make it works. IMHO, we should at least, have a look at one's contributions to the open source community before granting certs. this will greatly reduce the chance of creating a 'master troll' eventually, since raph has made it so hard for trolls to 'gain level' by mass certifying each other.
i saw someone certified alan as apprentice! oh my, alan cox is an 'apprentice', then i should be a 'sub-observer'. i'm sure that alan don't mind about that, but it clearly illustrated how little does that guy know about the open source community.