When I started using CL 20 years ago, libraries were stored on cliki and any malicious user could put malware there. Any source you asdf-installed was generally GPG signed and the installer automatically checked signatures against your personal trust-chain.
Learning CL back then was my first introduction to GPG (and Emacs, and Linux)
> When I started using CL 20 years ago, libraries were stored on cliki and any malicious user could put malware there. Any source you asdf-installed was generally GPG signed and the installer automatically checked signatures against your personal trust-chain.
Which, in practice, involved downloading GPG public keys from cliki because I didn't know every single CL developer.
aidenn0|2 years ago
Which, in practice, involved downloading GPG public keys from cliki because I didn't know every single CL developer.