
On Sun, Jul 9, 2023, 16:25 Paul Moore <p.f.moore@gmail.com> wrote:
On Sun, 9 Jul 2023 at 15:56, Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> wrote:
James Addison via Python-ideas writes:
The implementation of such a system could either be centralized or distributed; the trust signals that human users infer from it should always be distributed.
ISTM the primary use cases advanced here have been for "naive" users. Likely they won't be in a position to decide whether they trust Guido van Rossum or Egg Rando more. So in practice they'll often want to go with some kind of publicly weighted average of scores.
I'll also point out that I'm a long-standing Python developer, and a core dev, and I still *regularly* get surprised by finding out that community members that I know and respect are maintainers of projects that I had no idea they were associated with. Which suggests that I have no idea how many *other* people who I think of as "just another person" might be maintainers of key, high-profile projects. So I think that a model based round weighting results based on "who you trust" would have some rather unfortunate failure modes.
Honestly, I'd be more likely to go with "I can assume that projects that are dependencies of other projects that I already know are good quality, are themselves good quality". Which excludes people from the equation altogether, but which falls apart when I'm looking for a library in a new area.
Paul
Cautious +1, since PageRank did pretty well for a good stint in a somewhat analogous environment.
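
The following is an added illustration, not part of the thread and not any participant's proposal: a personalized PageRank over a dependency graph, which is one way to express "dependencies of projects I already know are good" and which also shows the "new area" failure mode mentioned above. The package names, the graph, and the function names `propagate_trust` and `unrated` are all constructed for this example.

```python
# Constructed sample data: package -> packages it depends on.
# Every dependency must also appear as a key.
DEPENDS_ON = {
    "webapp-kit": ["http-core", "tmpl"],
    "data-tool": ["http-core", "csv-fast"],
    "http-core": ["tls-shim"],
    "tmpl": [],
    "csv-fast": [],
    "tls-shim": [],
    # A separate area the user has no prior experience with.
    "geo-suite": ["geo-proj"],
    "geo-proj": [],
}


def propagate_trust(graph, trusted, damping=0.85, iterations=100):
    """Personalized PageRank: restart mass goes only to the `trusted` seeds,
    and each package splits its score among the packages it depends on."""
    seeds = {p: 1.0 / len(trusted) for p in trusted}
    score = {p: seeds.get(p, 0.0) for p in graph}
    for _ in range(iterations):
        flow = {p: 0.0 for p in graph}
        dangling = 0.0  # score held by packages with no dependencies
        for pkg, deps in graph.items():
            if deps:
                for dep in deps:
                    flow[dep] += score[pkg] / len(deps)
            else:
                dangling += score[pkg]
        # Dangling mass returns to the seeds so the total stays at 1.
        score = {
            p: (1 - damping) * seeds.get(p, 0.0)
            + damping * (flow[p] + dangling * seeds.get(p, 0.0))
            for p in graph
        }
    return score


def unrated(scores):
    """Packages the seeds say nothing about (the 'new area' case)."""
    return sorted(p for p, s in scores.items() if s == 0.0)


if __name__ == "__main__":
    scores = propagate_trust(DEPENDS_ON, ["webapp-kit", "data-tool"])
    for pkg, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{pkg:12s} {s:.4f}")
    print("no signal:", unrated(scores))
```

A score of zero here means "no information reachable from the seeds", not "untrustworthy", so the two cases need to be reported separately.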