On 1/23/06, nik gaffney <[EMAIL PROTECTED]> wrote: > > In that case, an even more productive proposal would to be to track down the > keys of any asdf packagers that are not in the web of trust provided by the > common-lisp.net keyring. Please feel free to edit http://wiki.alu.org/Securing_ASDF :) I don't think I have time to work on this myself, but I'll happily ask other people to work on it (hint, hint)!
> perhaps making the trust issues more explicit or obvious would be a more > suitable task than 'band-aid' measures. I agree. I'm not a huge fan of quick fixes, but the problem right now with ASDF-INSTALL is that it really is very vunerable - all it takes is a Wiki edit & punters to not check GPG (I personally never bothered to check when I used ASDF, and now I don't use it). The GPG check also needs to Just Work most of the time, and really ought to only complain when something is broken. Brad _______________________________________________ Gardeners mailing list [email protected] http://www.lispniks.com/mailman/listinfo/gardeners
