Home / Browse / Steel Bank Common Lisp / Mail / Archive

Steel Bank Common Lisp

Email Archive: sbcl-help (read-only)

2000:	_Jan	_Feb	_Mar	_Apr	_May (1)	_Jun (2)	_Jul (2)	_Aug	_Sep	_Oct	_Nov	_Dec (3)
2001:	_Jan	_Feb	_Mar	_Apr (1)	_May (8)	_Jun	_Jul (2)	_Aug (3)	_Sep	_Oct	_Nov	_Dec
2002:	_Jan	_Feb (2)	_Mar (3)	_Apr	_May (5)	_Jun	_Jul	_Aug (2)	_Sep (3)	_Oct	_Nov	_Dec (8)
2003:	_Jan (5)	_Feb (4)	_Mar (14)	_Apr	_May (27)	_Jun (10)	_Jul (3)	_Aug (28)	_Sep (27)	_Oct (3)	_Nov (14)	_Dec (19)
2004:	_Jan (32)	_Feb (15)	_Mar (21)	_Apr (69)	_May (18)	_Jun (15)	_Jul (23)	_Aug (14)	_Sep (38)	_Oct (20)	_Nov (76)	_Dec (27)
2005:	_Jan (24)	_Feb (32)	_Mar (39)	_Apr (65)	_May (69)	_Jun (37)	_Jul (32)	_Aug (28)	_Sep (28)	_Oct (17)	_Nov (30)	_Dec (24)
2006:	_Jan (45)	_Feb (38)	_Mar (19)	_Apr (26)	_May (19)	_Jun (29)	_Jul (13)	_Aug (26)	_Sep (53)	_Oct (46)	_Nov (40)	_Dec (85)
2007:	_Jan (45)	_Feb (51)	_Mar (69)	_Apr (48)	_May (75)	_Jun (35)	_Jul (35)	_Aug (25)	_Sep (11)	_Oct (16)	_Nov (9)	_Dec (59)
2008:	_Jan (36)	_Feb (17)	_Mar (28)	_Apr (13)	_May (1)	_Jun (25)	_Jul (24)	_Aug (52)	_Sep (19)	_Oct (52)	_Nov (43)	_Dec (80)
2009:	_Jan (33)	_Feb (30)	_Mar (18)	_Apr (15)	_May (29)	_Jun (58)	_Jul (48)	_Aug (35)	_Sep (52)	_Oct (59)	_Nov (46)	_Dec (31)
2010:	_Jan (26)	_Feb (45)	_Mar (55)	_Apr (59)	_May (8)	_Jun (24)	_Jul (43)	_Aug (31)	_Sep (43)	_Oct (33)	_Nov (41)	_Dec (19)
2011:	_Jan (17)	_Feb (31)	_Mar (5)	_Apr (31)	_May (17)	_Jun (28)	_Jul (15)	_Aug (38)	_Sep (21)	_Oct (25)	_Nov (21)	_Dec (21)
2012:	_Jan (9)	_Feb (22)	_Mar (17)	_Apr (16)	_May (58)	_Jun (13)	_Jul (40)	_Aug (12)	_Sep (10)	_Oct (10)	_Nov (14)	_Dec (4)
2013:	_Jan (9)	_Feb (8)	_Mar (17)	_Apr (10)	_May	_Jun (8)	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec

[Sbcl-help] ASDF-INSTALL matter of trust

From: David Steuber <david@da...> - 2004-04-13 02:27

I'm trying out asdf-install which seems really cool.  However, I keep
getting kicked into the debugger (I'm just running sbcl directly)
because of this:

debugger invoked on a ASDF-INSTALL::KEY-NOT-TRUSTED in thread 9035:
  GPG warns that the key id 0x112ECDF2C4A3823E (Kevin M. Rosenberg <kmr@...>) is not fully trusted

You can type HELP for debugger help, or (SB-EXT:QUIT) to exit from SBCL.

restarts (invokable by number or by possibly-abbreviated name):
  0: [CONTINUE      ] Install the package anyway
  1: [SKIP-GPG-CHECK] Don't check GPG signature for this package
  2: [ABORT         ] Reduce debugger level (leaving debugger, returning to
                      toplevel).
  3: [TOPLEVEL      ] Restart at toplevel READ/EVAL/PRINT loop.
(ASDF-INSTALL::VERIFY-GPG-SIGNATURE/STRING
 "-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA/ldOcES7N8sSjgj4RAuGIAJsHxxP7mKT4UBRR5NBlPj3r1lXBPACbBqPF
xaY8l9KsSuYeQG0sxoLlVDI=
=MR+C
-----END PGP SIGNATURE-----
"
 #P"/home/david/usr/src/sbcl/CL-MODLISP.asdf-install-tmp")
0] 3

The very first time around was a little different because I didn't get
the keys with gpg.  Now I suppose I'm still doing something wrong.  I
tried to edit the trust level up but I still have trouble here.  This
is my key list:

$ gpg --list-keys
/home/david/.gnupg/pubring.gpg
------------------------------
pub  1024D/C4A3823E 2002-04-08 Kevin M. Rosenberg <kmr@...>
uid                            Kevin M. Rosenberg <kevin@...>
uid                            Kevin Rosenberg <kevin@...>
uid                            Kevin Marcus Rosenberg, M.D. <kevin@...>
sub  2048g/460D0A6A 2002-04-08

What do I have to do to avoid being kicked into the debugger?  I know
that I can just continue anyway, but I would like to avoid having to
do this step if I can.

I've never used gpg before and the man page is very long :-(

-- 
I wouldn't mind the rat race so much if it wasn't for all the damn cats.

Re: [Sbcl-help] ASDF-INSTALL matter of trust

From: David Steuber <david@da...> - 2004-04-13 03:21

David Steuber <david@...> writes:

> What do I have to do to avoid being kicked into the debugger?  I know
> that I can just continue anyway, but I would like to avoid having to
> do this step if I can.

*sigh*

I should have just continued.  The next step was being kicked back
into the debugger and offered the opportunity to add Ken as a trusted
individual.

Now my big problem (more RTFM required I expect) is figuring out how
to load the cl-modlisp stuff into sbcl so that I can actaully call
start-apache-listener and see if Apache will talk to sbcl.

-- 
I wouldn't mind the rat race so much if it wasn't for all the damn cats.

[Sbcl-help] Re: ASDF-INSTALL matter of trust

From: Ivan Boldyrev

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8713 day of my life David Steuber wrote:
> I'm trying out asdf-install which seems really cool.  However, I keep
> getting kicked into the debugger (I'm just running sbcl directly)
> because of this:
>
> debugger invoked on a ASDF-INSTALL::KEY-NOT-TRUSTED in thread 9035:
>   GPG warns that the key id 0x112ECDF2C4A3823E (Kevin M. Rosenberg <kmr@...>) is not fully trusted

Key is not trusted: you do not know if it was created by Kevin
M. Rosenberg or someone else.  PGP/GPG uses Web-Of-Trust model, and
there are no "trusted authorities" such as VeriSign.

Key may be trusted if it is signed by your key or someone by key of
someone else whom you trust.

> You can type HELP for debugger help, or (SB-EXT:QUIT) to exit from SBCL.
>
> restarts (invokable by number or by possibly-abbreviated name):
>   0: [CONTINUE      ] Install the package anyway
>   1: [SKIP-GPG-CHECK] Don't check GPG signature for this package
>   2: [ABORT         ] Reduce debugger level (leaving debugger, returning to
>                       toplevel).
>   3: [TOPLEVEL      ] Restart at toplevel READ/EVAL/PRINT loop.
> (ASDF-INSTALL::VERIFY-GPG-SIGNATURE/STRING
>  "-----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQA/ldOcES7N8sSjgj4RAuGIAJsHxxP7mKT4UBRR5NBlPj3r1lXBPACbBqPF
> xaY8l9KsSuYeQG0sxoLlVDI=
> =MR+C
> -----END PGP SIGNATURE-----
> "
>  #P"/home/david/usr/src/sbcl/CL-MODLISP.asdf-install-tmp")
> 0] 3

asdf-install doesn't want install such package (without signed key)
without your explisit permission.  So, if you really want install it,
you can choose 0.

> What do I have to do to avoid being kicked into the debugger?  I know
> that I can just continue anyway, but I would like to avoid having to
> do this step if I can.

You can sign key (prefferably, locally: you signature is not exported.
You must not make exportable signature for Kevin's key before you
carefully checked that key really belongs to him.).

Avoiding falling into debugger for every package is security problem.
Don't forget that asdf-install works with Cliki and everyone can edit
any page...

> I've never used gpg before and the man page is very long :-(

There is GNU Privacy Handbook at <http://www.gpg.org>.

- -- 
Ivan Boldyrev

                                                  Your bytes are bitten.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5 (GNU/Linux)

iQEVAwUBQHtelg4ALcwzZFpVAQKBCwf/Wh4dvxy5cu811thhmla9Ts82CyGucM7P
hjp/MQcep8D2F9V6+uwpcGDYbO53oyPyehG0ddDg+zteQmwaWcXcqlr1O4gHuZ3a
sKQgc6p2j1EyMiYG9LlWA5GeRsaUAcE7bgoeo3f3uPfHY065vnEQ+nwgr6pGVthN
pPq4qzqERzxDAtHYHAEU5lVP3dptGF7hjQ5Ishpi/DWKkEFxfWxZ4dsxytnNn9xW
QU6NYK2brWQ65po8dOPS5ofN0UB69m/BtwfOpCw+YroYNHTMR97H6T2ODdXC9WdC
PpbpqpzUn4hn71U9CP1mp9oV53IftGn2BRCk9ec/YGQlLnolWCOdSA==
=hbS9
-----END PGP SIGNATURE-----