Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net

10 Nov 2003


      Erik Enge eenge@prium.net writes:
...
The weak link is of course that the user doesn't know if the public
  key is the author's or not.  Here's where our signing policy comes
  into play.  When developers apply for a project at common-lisp.net
  they receive their passwords encrypted (by mail) and if they
  successfully decrypt and answer the email, their public key will be
  signed by the common-lisp.net keymaster.  Thus, the users will have a
  means of verifying that they have the correct key.
ok, so this "guarntees" that the key belongs to whevere has access to
that account (which is good), but how do you get people to trust
common-lisp.net's key? am i missing something simple?
-- 
-Marco
Ring the bells that still can ring.
Forget your perfect offering.
There is a crack in everything.
That's how the light gets in.
     -Leonard Cohen

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net