On 7/28/06, Sean Champ gimmal@gmail.com wrote:
In regards to the public GPG key that would be provided in a request for a project, must that key have been registered in a public keyring?
No.
and must the key be marked as to be 'trusted' of anyone?
No.
of a key system: I am wondering if the keyring provided at http://common-lisp.net/keyring.asc would be able to contain key revocation markers. (I am not aware of what is the internal structure of a keyring, but that it would probably contain public keys for people)
Yeah.
Thirdly, then, most directly: I would like to voice an inquiry, as for what are the means by which a key added to that keyring would be marked as invalid -- like, as for what would be the means by which a key revocation certificate (?) would be delivered on a key made to that keyring, and verified as that it was delivered by whom had delivered the original key. (I am assuming that that would consittue the mechanism for it, to invalidate a key in that keyring).
Just upload your public key to your home directory and let me know and it'll get imported over again and the revocation certificate would carry with it.
Fourthly, a question: Regarding the public key that would be provided on a project request, then if the project-request will be accepted, will that public key be added onto the keyring at http://common-lisp.net/keyring.asc ?
Yes.
If I have not made a matter sufficiently clear, in what I have endeavored to address, above, then on inquiry, I may be glad to clarify. I would like to avoid comment, however, as about why I would find cause to state such a matter, explicitly.
Basically, you need to create a GPG key and send me the public key. http://www.gnupg.org/(en)/documentation/howtos.html should get you started. When you've created it just submit your request to admin@common-lisp.net and I'll create your project. I will then use the key you submitted to encrypt a password which I'll email back to you. That's pretty much it.
Thanks, Erik.