I must say that I never really liked the "Web of trust" concept. Trust isn't transitive, and there is no uniform standard for trust. So when I see that there is some number of chains of "trust" between two keys I don't really know what that means. It might sound impressive but unless I understand it (and I don't - sorry) it is just security theater.
Linus recently observed that not very many people had signed his GPG key, but that wasn't really important. The important thing was that his key had signed all the recent Linux releases. So that key must belong to the person who is leading kernel development. That the name on his driver's license happens to be Linus Torvalds is largely irrelevant.
Rather than key-signing parties to establish a "web of trust", it makes more sense to me for all kernel developers to start signing all emails (at least) with their GPG key. Not to prove that they wrote the email, but to increase confidence that they own that key. It is a history of behaviour rather than a collection of key-signing parties that builds trust for me.
[I wonder if the message and the following signature will survive any transformations that LWN and your browser do...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
-----END PGP SIGNATURE-----
Copyright © 2018, Eklektix, Inc.