I think we'll see them again. Not as something you own like property but as something you own like responsibility.
The holder of this NFT is the package maintainer. Only their signing keys can bless releases as official. Contracts exist to transfer this role to their successor in response to election outcomes or in response to them going dark for too long. That sort of thing.
No need if your threat model lets you trust GitHub, but eventually software will mediate something important enough that handing Microsoft the keys is not an option.
I don't work with certificates often, but my impression is that when the statement that they certify changes in some way, trusted back channels must exist to put a new certificate in place. You can use clock time to control when they're valid, but they can't adapt to more complex conditions than "what time is it?"
This means that they can't be any more trustworthy than the least trustworthy admin who as access to those back channels.
That's unnecessary attack surface. It's also a transparency problem because there's generally not a way for consumers of the certificate to audit the workings of those back channels.
A blockchain doesn't address the people-trust issue at all. Anyone who has the keys to the address can do whatever they want. You can give other people the keys, just like you can give other people access to the certificate issuance and validity tooling.
That's like saying that cars don't address the where-to-park issue at all.
It's up to you, the author of the contract/dapp/whatever, to decide on the conditions under which it should make changes, and its up to the users to decide, based on its code, whether they should trust whatever other users (or keys, or data) that it indicates.
Users trusting users, not users trusting infra.
(Yeah, ok, you could call the contract "infra", but the difference is that once you publish it, you no longer have a privileged position to alter its behavior. It is to be trusted, or not, based on its merits, not on yours. The same cannot be said for certificate authorities, DNS records, databases, or websites, whose maintainers typically retain privileges that are not shared with the rest of us.)
> That's like saying that cars don't address the where-to-park issue at all.
They don't. Trains and busses do, though, which is why they're better - that’s the difference between a functionally equivalent technology and a superior one. Not really sure what you're getting at.
Even folks into the deep end of crypto ignore their own "code is law" ethos if the outcome is unfavorable (see cases of incorrect transactions, DAOs ignoring decisions, etc). Why'd one expect crypto rules to be binding outside of its universe then?
It's not about whether the rules are binding. If the rules have the support of the users and so do their violations, then it's all good.
I mean, maybe you should think twice about participating in a rule set that comes with a community that feels the need to break the rules regularly, but that's all somewhat orthogonal to the language used to express those rules.
NFT's are the adversary-resistant equivalent of mutexes and semaphores. It seems short sighted to think that we'll never need that.
Even if trust in crypto never improves, there's still room for trust in cloud providers to degrade. That is, regrettably, the typical direction when it comes to companies.
I'm proposing that it will be an NFT which indicates to you that that person is a judge.
Governments get cancer and become ineffective. Then they're replaced by new ones through revolution. The tools of revolution become the buerocratic machinery of the subsequent regime.
You don't need crypto unless you're coordinating against a powerful adversary--like a government--so I think it's reasonable to assume that crypto will end up being part of the revolutionary's tool belt, and therefore part of the buerocratic machinery.
The holder of this NFT is the package maintainer. Only their signing keys can bless releases as official. Contracts exist to transfer this role to their successor in response to election outcomes or in response to them going dark for too long. That sort of thing.
No need if your threat model lets you trust GitHub, but eventually software will mediate something important enough that handing Microsoft the keys is not an option.