[clo-devel] Re: Please upload your public GPG key to common-lisp.net

Nikodemus Siivola nikodemus at random-state.net
Tue Nov 11 19:13:29 UTC 2003

On Tue, Nov 11, 2003 at 08:04:07PM +0100, Marco Baringer wrote:

> which means that _i'll_ trust common-lisp.net's key, but i was
> wondering about people who aren't developers on common-lisp.net.

Two answers:

 There is no easy way, I'm afraid. I suppose that individuals signed
 by Common-lisp.net should also sign the Common-lisp.net key, and
 try to exchange keys generally with the rest of the world (in a
 secure manner, of course), in hopes that a newcomer can find some
 entry point to the web of trust.

 Since people are lazy, many will decide to trust the key available from
 Common-lisp.net, even if they can't verify it. This means that those
 who get the key when Common-lisp.net is cracked lose.


 -- Nikodemus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20031111/be3d4a6d/attachment.sig>

More information about the clo-devel mailing list