clo-devel

clo-devel@common-lisp.net

3 participants
610 discussions

Start a nNew thread

[clo-devel] Terminated Account
by Billy Fountain 10 Nov '03

10 Nov '03

1 0

[clo-devel] Re: Payment Past Due, account
by Alvaro Miles 10 Nov '03

10 Nov '03

1 0

Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net
by Erik Enge 07 Nov '03

07 Nov '03

Kevin Rosenberg <kevin(a)rosenberg.net> writes: > I'd recommmend keymaster(a)cl.net and have a web page which describes > the criteria for a key to be signed by the keymaster key. (I'd reserve > you signing keys with your personal key for those owners with whom you > meet in person and look at their photo id. It looks like this is the best approach. Since I'm not the most experienced with these things around here, I'll ask: do we want the key to just sign (no password) or to sign and encrypt/decrypt (then we need a password, if I understand correctly)? Erik.

3 2

Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net
by Erik Enge 07 Nov '03

07 Nov '03

Nikodemus Siivola <nikodemus(a)random-state.net> writes: > Imagine: somehow the key gets stolen. Now the purveyor of the key can > sign stuff as Common-lisp.net, including keys of maliscious package > authors, which people will then install and run because the author's > key was trusted by Common-lisp.net... Ok, good point. So, who gets to know the key, then? Erik.

2 1

[clo-devel] Re: Please upload your public GPG key to common-lisp.net
by Erik Enge 06 Nov '03

06 Nov '03

Kevin Rosenberg <kevin(a)rosenberg.net> writes: > Did I understand correctly that you'll be signing public keys that are > used are the common-lisp.net server? Yes. > If so, are you planning on signing them with your personal key or an > administrative, common-lisp.net key? Good question. What say you others? I think it sounds like a good idea to have an administrative common-lisp.net key. Erik.

2 1

Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net
by Erik Enge 06 Nov '03

06 Nov '03

Erik Enge <erik(a)nittin.net> writes: > Good question. What say you others? I think it sounds like a good > idea to have an administrative common-lisp.net key. Noone has disagreed with this so I'm going to assume they agree. What would be appropriate for this key with regards to real name and email address? "Common-Lisp.net Administrative Key" and "admin(a)common-lisp.net" perhaps? Erik.

3 4

[clo-devel] "authentication"
by Erik Enge 05 Nov '03

05 Nov '03

How do you know that packages left on common-lisp.net and signed with my key are really signed by me when you install them on your system? A slightly edited discussion on #lisp: <emarsden> it might be worth having common-lisp.net be a certificate authority, that issues X509 certificates for the software that it hosts (and other trusted sources). Pyramid of trust rather than web, easier to get into for newcomers <kire> emarsden: sounds like a fine idea. <dan`b> well, the question for cl.net is "by signing this key, what are we saying about its owner, or the software he uploads?" <kire> my respons would be: we say nothing except that we believe this key belongs to the publisher of that piece of software <dan`b> not that I'm altogether convinced by the debian approach either of signing when you have some mestspace proof that the person is who they say they are <dan`b> because usually it's the net.persona that you're interested in <emarsden> you're saying "this tarball has been signed by someone who's known to cl.net" <emarsden> which avoids the "someone modified cliki.net to point to a nasty tarball" problem <dan`b> kire: the interesting question to the end-user is "did this package come from someone with a cl.net account" <dan`b> so how much authentication do you do before giving accounts on cl.net out? <kire> dan`b: none, really. <emarsden> yes, "is trusted sufficiently to have an account" is fine <emarsden> the barrier to entry should be low, otherwise people will just work around the certificate check <kire> emarsden: yes, it must be made very straightforward. <dan`b> though in fairness to the cryptohippies, I would probably sign them as "partially trusted" not "fully trusted" if it's just "trusted sufficiently to have an account" <dan`b> so, for the cl.net application procedure, you ask people to send you signed mail to apply <dan`b> and you send the inital username/password etc details encrypted to that same key <dan`b> then you know that the cl.net user is the owner of the gpg key, and you can sign the key in question What do you guys think? Personally, I'm all for it. Erik.

3 2

[clo-devel] problem with anoncvs access to lgtk project
by Eric Marsden 28 Oct '03

28 Oct '03

Hi, Anoncvs access to the new lgtk problem doesn't seem to be working. % cvs -d :pserver:anonymous@common-lisp.net:/project/lgtk/cvsroot co lgtk cvs server: failed to create lock directory for `/project/lgtk/cvsroot/lgtk' (/project/lgtk/cvsroot/lgtk/#cvs.lock): Permission denied cvs server: failed to obtain dir lock in repository `/project/lgtk/cvsroot/lgtk' cvs [server aborted]: read lock failed - giving up -- Eric Marsden <URL:http://www.laas.fr/~emarsden/>

2 1

Re: [clo-devel] problem with anoncvs access to lgtk project
by Erik Enge 28 Oct '03

28 Oct '03

Eric Marsden <emarsden(a)laas.fr> writes: > Anoncvs access to the new lgtk problem doesn't seem to be working. It seems that Mario did not take care to make sure lgtk was the group-owner of the /project/lgtk/cvsroot directory (and all files below it). I've fixed that now and anoncvs for lgtk works again. Erik.

2 1

Re: [clo-devel] problem with anoncvs access to lgtk project
by Erik Enge 26 Oct '03

26 Oct '03

Marco Baringer <mb(a)bese.it> writes: > i've had the same problem with osicat. Fixed. Erik.

1 0

← Newer
1
...
54
55
56
57
58
59
60
61
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

clo-devel