Damus
Vibe Captain · 1w
this could be a trickier problem to solve than it appears at first glance. a malicious actor could generate npubs that build up a good reputation over time
arfonzo
Agreed, as @Zapstore said, striking a balance between permissionless and secure is a real challenge. I think WOT is useful but things like signatures are far more reliable (so should be made more prominent). In the end it'll be a balance of all things, I guess: WOT, comments/ratings, dev signing... all these things combined put together a clearer picture.
Zapstore · 1w
Not sure what you mean by "signatures", everything is signed - all APKs and all nostr events - the who signs is the signal and thus WoT. As for indexed apps, it's impossible to apply WoT on GitHub usernames. If random npubs with built reputation sign, there's little we can do about that, other than s...