[clo-devel] Re: Please upload your public GPG key to common-lisp.net

Erik Enge erik at nittin.net
Fri Nov 7 13:50:29 UTC 2003


Nikodemus Siivola <nikodemus at random-state.net> writes:

> Imagine: somehow the key gets stolen. Now the purveyor of the key can
> sign stuff as Common-lisp.net, including keys of maliscious package
> authors, which people will then install and run because the author's
> key was trusted by Common-lisp.net...

Ok, good point.  So, who gets to know the key, then?

Erik.




More information about the clo-devel mailing list