[clo-devel] Re: Please upload your public GPG key to common-lisp.net
Nikodemus Siivola
nikodemus at random-state.net
Fri Nov 7 13:27:03 UTC 2003
On Fri, Nov 07, 2003 at 07:35:34AM -0500, Erik Enge wrote:
> do we want the key to just sign (no password) or to sign and
> encrypt/decrypt (then we need a password, if I understand
> correctly)?
I hope that Kevin corrects me if I'm wrong, but...
It doesn't matter: the passphrase is required in any case: it
guarantees the integrity of the key.
Imagine: somehow the key gets stolen. Now the purveyor of the key can
sign stuff as Common-lisp.net, including keys of maliscious package
authors, which people will then install and run because the author's
key was trusted by Common-lisp.net...
Had the key been protected by a passphrase this would not have
happened.
Cheers,
-- Nikodemus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20031107/07f9b2df/attachment.sig>
More information about the clo-devel
mailing list