In my mind it could be something run on a local lan, or at the organization or neighborhood ISP level. In those cases there is still a question of how trustworthy those sources are. But there is also a reduction in the ability to compromise many connections. An attacker targeting a specific computer or person or organization still has an avenue, but there is much less room for compromising the entire scheme as a whole (of which there is plenty of room currently).
The solution as presented doesn't solve ALL of our problems, but solutions rarely do, and it's not reasonable to expect them to. But it does solve SOME, and doesn't present any new ones (although I expect to eat my words as I type that). Progress is progress, even if it doesn't get us the full mile.
As for trusting those writing this particular software, we don't really have to trust them, we simply have to trust the code.
The solution as presented doesn't solve ALL of our problems, but solutions rarely do, and it's not reasonable to expect them to. But it does solve SOME, and doesn't present any new ones (although I expect to eat my words as I type that). Progress is progress, even if it doesn't get us the full mile.
As for trusting those writing this particular software, we don't really have to trust them, we simply have to trust the code.