> Now, I meant the former, while I suspect you read the latter ?

Indeed...

> I think this'd be very inept misuse of the tools

... and agreed! :D

@billymg: I'm going to have to ruminate on your "V Repository" idea for now, at least until I've revisited Diana's "V-Tree Nursery", because for some reason it looks to me like it's quite related to the subject.

I like phf's patch visualizer too and was thinking potentially one could be built that pulls from code shelves hosted on individual blogs via a standard API. So for example, let's say you stand up a new "V Repository" and configure it to include patches from billymg.com, thetarpit.org, ossasepia.com, bvt-trace.net, etc. etc. and then the software reads data from /code-shelf/vpatches.xml from each site to construct something similar to phf's thing but automatically updated when any included blog publishes a new patch to its code shelf. It could generate graphs for the v trees, automatically create backups of the patches, generate archive.is links for the introductory articles, etc.

So the "V Repository" (mapping to what's currently btcbase.org/patches) would be its own thing, that anyone could choose to stand up and configure (like the new logotrons), but would be able to read from a standard code shelf API hosted by mp-wp instances.

It's a feature in the sense light and heat are welded, non-optional call-it-what-you-will basic property of the universe.

I think perhaps our difficulties here come from an unresolved ambiguity, whereby "signature" denotes indistinctly two things : both the number which allows one to verify signatures issued by a certain key ("the signature" as in, the pubkey) and the number which allows one to verify a certain piece of text was "signed" in this manner by a certain pubkey ("the signature" as in, the respective rsa digest). Now, I meant the former, while I suspect you read the latter ?

> how does a signature line "get" there in the first place?

In my mental model, you can just copy/paste it in. Or I guess out, for the same money.

> Then the other problem implied being, what if I trust none of the signatories there?

This isn't the right node to attach this problem. If you don't know anyone, get some friends, go out more, all that.

> maybe the presence of that signature there gives me a reason might give me reason to not use said code in this hypothetical scenario I'm pulling out of my ass?

I think this'd be very inept misuse of the tools, or to quote

If Morrissey says not to eat meat, then I'm going to eat meat; that's how much I hate Morrissey.

> I just meant, "this is how a clearsigned file'd look"

Oh I see, that makes sense.

> you may only choose from among what's already there

Is that a feature though? The side-question arising here being, how does a signature line "get" there in the first place? Then the other problem implied being, what if I trust none of the signatories there? Sure, then that's probably a problem with me, not the signatories, I'm just trying to figure out why do it this way and not the other, and what "this [technical] way" entails from a political point of view.

> how could you have rated someone -10 without having their signature ?

I don't understand. Maybe I rated them before they signed that, for some unrelated reason? Maybe I don't trust the hypothetical AlexisTexas to sign code at all on some previously established basis. I don't know, which begs the question: maybe the presence of that signature there gives me a reason might give me reason to not use said code in this hypothetical scenario I'm pulling out of my ass? If anything, this'd be an argument for including the signatures in the V patch, sure.

> FIX IT.

No argument here. I'm not complaining about the machinery, I'm just not convinced that this patch+signature organization is the right way to go and so I'm poking at it, is all.

@billymg: So if I understand correctly, this would provide a bit of automation to explore and grab V patches? Maybe it's worth detailing your reasoning here. FWIW, my biggest issue at the moment is the lack of a (at least partially automated) graphical means to look at the V trees, similarly to phf's thing. I don't know if including this in MP-WP is desirable by the maintainers, but it'd definitely get me to use the plugin.

There's nothing wrong with hosting patches in a web accessible directory and letting users browse that way. The advantage of a formatted page, when visited via a graphical www client, is that the information can be annotated. In the wireframe example, one can see at a glance for each patch (without navigating one level deeper) the signatures as well as a link to the announcing article for more context. The patches for each included project are also laid out in a single page, separated by secttions, with a tarball link for each vtree. None of this precludes having the underlying file structure on the server be a simple nested directory, navigable via graphical www client or command line.

I mainly put together these wireframes as a way of getting my interpretation of these ideas out of my head in a way that others could review/discuss. Based on the comments so far it sounds like code-snippets-via-some-new-markup is ready for work, while features like inline comments or the code shelf need some more consideration as to how they would be implemented and as to their utility in general.

Well, terrible fucking example for this purpose.

This is the problem with examples, they exemplify one thing not all the things, under pain of never being done constructing one otherwise. Should I have put it through a differ and everything first, to produce a proper patch looking thing, rather than just a simple textfile ? Should it have had a proper genesis first ? Should I maybe first go write an actual tree and then ?

I just meant, "this is how a clearsigned file'd look", I didn't mean "let's ditch patches and regress to signing the actual code" anymore than I meant "all programs must be hello world from now on".

> I wouldn't understate the ability to choose the signatories of a V patch, because I want it to reflect my own WoT

Definitely. However, your "choice" is very limited : you may only choose from among what's already there. You don't get to choose in any other sense than this eliminatory approach.

> what am I going to do with the couple of signatures I don't give two shits about then?

Nothing.

Is this so bad ?

> Why would I be forced to do that?

Your "that" is two orthogonal things. This is unhealthy. Proceeding on the resolution of the mix, on one hand how could you have rated someone -10 without having their signature ? If you've rated them you're stuck with them, that's what ratings mean. And on the other hand, who the fuck is forcing you for your machinery to be broken ? If your terminal isn't flowing lines the way you want it to, fix it, and if your whatever else, signature parser, doesn't parse signatures the way you want it to -- notably, by complaining of missing signatures from people you don't want it to complain about -- FIX IT.

> That said, I do see the point in mentioning the author(s) of some piece of code in the source file itself.

None of the foregoing had anything to do with a (necessarily doomed from the onset) attempt to rescue the moronworld notion of "author" into republican primitives. It's a great way to waste one's time, granted, but as it happens we're not at all in need of more of those.

What's wrong with e.g. http://lucian.mogosanu.ro/src/? It looks like a more than decent V patch repository to me -- and I've had no one bitch about it so far, but perhaps now's a good time for that.

That said, I do see the need for annotating/discussing code, but it's entirely unclear to me how said annotations would work. Inline comments look cool, IMHO.

@Mircea Popescu:

> Consider something like this :

From what I see, this would change the semantics of "signatures attached to V patches" to "signatures attached to source code files"? I.e. the signatory is not signing the change anymore, but the actual source file. Moreover, given that V patches contain the hashes of both the "old" and the "new" version of a file, it could be said that currently signatures are attached to (or well, detached from) all these three elements (old file, new file and code changes), whereas in your example I don't see this.

Am I missing something here?

> Detached signatures permit people to pretend they don't know whom they're copying.

Certainly. On the other hand I wouldn't understate the ability to choose the signatories of a V patch, because I want it to reflect my own WoT. Maybe I don't know who Dillion-Harper is and I've rated AlexisTexas -10 for some reason, so say I only trust AsaAkira and madison_ivy: what am I going to do with the couple of signatures I don't give two shits about then? Just import them in my tree because, well... they're there? Why would I be forced to do that?

And sure, if I'm stupid enough then I'll include zero signatures in my repository and I'll (mis)use it the way heathens use GitHub. Let the WoTless folk shoot themselves in the foot, why not.

That said, I do see the point in mentioning the author(s) of some piece of code in the source file itself. Though as things stand, I think manifests also work fine for that purpose, as far as V patches stand.