Re: [clo-devel] Re: Please upload your public GPG key to common-lisp.net

Nikodemus Siivola <nikodemus@random-state.net> writes:

Imagine: somehow the key gets stolen. Now the purveyor of the key can sign stuff as Common-lisp.net, including keys of maliscious package authors, which people will then install and run because the author's key was trusted by Common-lisp.net...

Ok, good point. So, who gets to know the key, then? Erik.