[clo-devel] Re: Please upload your public GPG key to common-lisp.net

Nikodemus Siivola nikodemus at random-state.net
Thu Nov 6 18:38:40 UTC 2003


On Thu, Nov 06, 2003 at 08:49:05AM -0700, Kevin Rosenberg wrote:

> I'd recommmend keymaster at cl.net and have a web page which describes
> the criteria for a key to be signed by the keymaster key. (I'd reserve
> you signing keys with your personal key for those owners with whom you
> meet in person and look at their photo id.

Ok. This makes more sense then admin as recipient. ;)

> Alternately, you can do like Debian and create a keyring file which
> contains the public key which cl.net trusts and publish that file so
> that downloaders of cl.net files can verify the signature of that file
> against the keys that are in the trusted keyring file. Then, there is
> no need for cl.net to sign any keys.

I think the signing can be better for now at least: it creates more
crypto-awareness in the community, and helps in kickstarting a web of
trust. Or so I hope.

Cheers,

 -- Nikodemus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20031106/7bdfe4c4/attachment.sig>


More information about the clo-devel mailing list