>> maybe a more constructive way to work with the existing system, could be to >> issue a certificate on behalf of cl-gardeners, then have someone who signs >> the >> keys of known asdf-installers. then, if the installer trusts the gardener >> certificate, each of the asdf-installers who key is signed by the cert are >> also >> trusted. > > As a datapoint, common-lisp.net requires all members to have a GPG key > and exports it's keyring: <http://common-lisp.net/keyring.asc>. > All[1] keys are signed by the common-lisp.net keymaster key. > > Erik. > > [1] Actually, not all, but I'm taking care of that.
In that case, an even more productive proposal would to be to track down the keys of any asdf packagers that are not in the web of trust provided by the common-lisp.net keyring. perhaps making the trust issues more explicit or obvious would be a more suitable task than 'band-aid' measures. nk _______________________________________________ Gardeners mailing list [email protected] http://www.lispniks.com/mailman/listinfo/gardeners
