[clo-devel] Re: Please upload your public GPG key to common-lisp.net

[Erik Enge]

Nikodemus Siivola <nikodemus at random-state.net> writes:

> Imagine: somehow the key gets stolen. Now the purveyor of the key can
> sign stuff as Common-lisp.net, including keys of maliscious package
> authors, which people will then install and run because the author's
> key was trusted by Common-lisp.net...

Ok, good point.  So, who gets to know the key, then?

Erik.