[clo-devel] Re: Please upload your public GPG key to common-lisp.net

Marco Baringer mb at bese.it
Mon Nov 10 20:31:38 UTC 2003


Erik Enge <eenge at prium.net> writes:

>   The weak link is of course that the user doesn't know if the public
>   key is the author's or not.  Here's where our signing policy comes
>   into play.  When developers apply for a project at common-lisp.net
>   they receive their passwords encrypted (by mail) and if they
>   successfully decrypt and answer the email, their public key will be
>   signed by the common-lisp.net keymaster.  Thus, the users will have a
>   means of verifying that they have the correct key.

ok, so this "guarntees" that the key belongs to whevere has access to
that account (which is good), but how do you get people to trust
common-lisp.net's key? am i missing something simple?

-- 
-Marco
Ring the bells that still can ring.
Forget your perfect offering.
There is a crack in everything.
That's how the light gets in.
     -Leonard Cohen





More information about the clo-devel mailing list