> I have added a new project proposal, Securing ASDF - though it really
> ought to be Securing ASDF-INSTALL. Basically, clone the Wiki page to
> a static page controlled & maintained by us, then submit a patch to
> ASDF-INSTALL that looks at our page as well & recommends using our
> page because it is safer.

... or provides a better illusion of safety at least :)

while the gpg-based decentralised system may look like it's easy to 'compromise' by changing a wiki page, blindly trusting a centralised site would be more of a problem if that site is compromised. with the current system, an installer only needs to 'trust' the author, rather than the author and repository.

maybe a more constructive way to work with the existing system could be to issue a certificate on behalf of cl-gardeners, then have someone who signs the keys of known asdf-installers. then, if the installer trusts the gardener certificate, each of the asdf-installers whose key is signed by the cert is also trusted.

if anyone is interested, please read the following post -> http://groups.google.com/group/comp.lang.lisp/msg/20f2b76bf89f011f

nik

_______________________________________________
Gardeners mailing list
[email protected]
http://www.lispniks.com/mailman/listinfo/gardeners
