Originally I meant author of the piece who would confirm the sale. But basically anyone who feels like writing into the commit log, which can be a creator, a consumer for confirmation, a trustee or a clearing entity that creates merge commits. Even multiple commits by the same person are thinkable if there are handshakes.
> The whole point of a blockchain is for people who can’t trust each other.
I guess that's a very valid point and from my understanding the anonymity baked in is quite unique. And yet, even if I bought say coffee from an independent online market. Probably it's good to have a chain of trust to the seller to know that it's high quality. (Like Amazon reviews)
After all this is what GPG or x509 provide, a chain of trust.
You can achieve consensus at small scale with an empty merge commit that merges several commits made by a quorum of trusted authors. You do not need to solve consensus at a large scale with no trust, and you cannot solve consensus at a large scale with no trust. Bitcoin has some mathematical approximations, but they are approximations, and the 51% attack is not only possible, but highly feasible. There's a reason why " six confirmations" was a long-lasting meme in the Bitcoin community
That's actually kinda funny because at first I couldn't think of a single reason why that doesn't solve exactly the same problem.
I guess you can't prove who is 'in control' of the repo - the author could have sold the key privately and there's no way to tell if they sold it to multiple new owners.
Kinda like art in the 'real world' - you can 'prove' its the original but no way to tell whos hands its changed through over the years.
Disclaimer: I have only a vague idea about the whole underlying tech but I've also been wondering if there isn't a simpler approach.