[clo-devel] Re: Please upload your public GPG key to common-lisp.net

Erik Enge eenge at prium.net
Tue Nov 11 19:17:03 UTC 2003


Marco Baringer <mb at bese.it> writes:

> which means that _i'll_ trust common-lisp.net's key, but i was
> wondering about people who aren't developers on common-lisp.net.

It's my understanding that here's where the "web of trust" is supposed
to help.  If common-lisp.net verifies plenty keys, then those keys
verify it, then prehaps the chances of you knowing someone who has
verified it (directly on indirectly) are growing by each developer added
to common-lisp.net.

Are there any other ways of doing it?

Since you now only have one key you must trust it should be easier to
find out if it has been hijacked.  You have all of common-lisp.net you
could call on the phone to verify the key, you could send emails, you
could stop by #lisp.  None of these are absolutes but I could think they
help?

Erik.



More information about the clo-devel mailing list