Marco Baringer <mb@bese.it> writes:

which means that _i'll_ trust common-lisp.net's key, but i was wondering about people who aren't developers on common-lisp.net.

It's my understanding that here's where the "web of trust" is supposed to help. If common-lisp.net verifies plenty keys, then those keys verify it, then prehaps the chances of you knowing someone who has verified it (directly on indirectly) are growing by each developer added to common-lisp.net. Are there any other ways of doing it? Since you now only have one key you must trust it should be easier to find out if it has been hijacked. You have all of common-lisp.net you could call on the phone to verify the key, you could send emails, you could stop by #lisp. None of these are absolutes but I could think they help? Erik.