Erik Enge eenge@prium.net writes:
I'm guessing that when you send me your public key to register for a project and I reply with your password in an encrypted email (signed with the common-lisp.net key), you import the common-lisp.net key and sign it and then use it to verify the keyring whenever you need to. Does that sound like a plan?
which means that _i'll_ trust common-lisp.net's key, but i was wondering about people who aren't developers on common-lisp.net.