jstanley parent
hachyderm.io says it has a validated link to his homepage, but if you don't already trust hachyderm.io that means nothing.
It means a lot - you need to check the other side's meta to confirm yourself. https://fedi.tips/how-do-i-verify-my-account/
For example, at https://www.chiark.greenend.org.uk/~sgtatham/ : (the rel=me is the important part)
[...] <a rel="me" href="https://hachyderm.io/@simontatham"> [...]And that's why the fediverse thing is so niche :)
Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...
There's a link on one side and a meta tag on the other. It's as simple as you can make the validation between two sites. It's not even fediverse-specific really - there were other services doing something similar before.
It's because freedom and correctness is hard. Yeah, most people prefer convenience and would rather someone be the source of authority to do it for them, but people on fediverse are not those kind of people.
No, it really means nothing. Identity on the internet is not a solved problem.
You are wrong.
It means that whoever owns the website marked as verified also owns the social account. See https://joinmastodon.org/verification for a quick overview of how it works.
No, it means a certain link exists on the website. On Hacker News of all sites, I would think we should all know that's not sufficient evidence of identity for an update regarding the source of critical software like a terminal.
Nobody claimed it validates the identity in any way. It validates that the person at the other website confirms it's their social account and the social account matches the other direction. The real identity is not involved here in any way and never was. You're disagreeing with someone nobody here raises.
But the link validation confirms that if you believed that the original download site belongs to the author, then you would have almost the same guarantee about the social account. (+/- the chances of the putty website being hacked)
If A is saying "I'm also B" an B is saying "I'm also A" then you for most purposes you can trust that A and B are the same person, no?
If you check the source of the website that it links to [1], on line 168, we have this
<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>
If you trust that website, then you can be sure that this Mastodon account is the right one.
Sure, but by the time you've verified that, you could also have just visited the PuTTY website (the old/current one) to verify that putty.software is legit.