[clo-devel] Re: Please upload your public GPG key to common-lisp.net
erik at nittin.net
Fri Nov 7 13:50:29 UTC 2003
Nikodemus Siivola <nikodemus at random-state.net> writes:
> Imagine: somehow the key gets stolen. Now the purveyor of the key can
> sign stuff as Common-lisp.net, including keys of maliscious package
> authors, which people will then install and run because the author's
> key was trusted by Common-lisp.net...
Ok, good point. So, who gets to know the key, then?
More information about the clo-devel