A lot of the virtual world relies on layers of trust (somewhat hidden from end users). We trust that some obscure agency is running the DNS root servers properly, we trust the random SSL root certificates preinstalled on our boxes, we trust that a library called OpenSSL is reviewed by many smart people, we trust Amazon reviews, we trust a random package in the NodeJS or Debian repos to do what it claims, etc.
In the real world, trust is not a fixed, frozen-in-time notion, and it is never a binary true/false value. Moxie Marlinspike wrote about the notion of "trust agility" in his proposal about replacing the SSL PKI, but the issues are more complicated and apply in many other domains than just securing web traffic.
What are your thoughts on this? Does free software inherently bring something to the table here, or is it an orthogonal thing? Who should own the "root keys" to the internet?