Fork me on GitHub
#cljs-dev
<
2016-09-10
>
danielcompton20:09:47

@xcthulhu: the challenge with verifying GPG sigs is what you anchor that trust to

danielcompton20:09:03

You need a web of trust to get any meaningful benefit from verifying JAR sigs. It's analogous to specifying SSL everywhere in your browser, but accepting self signed certs.

darwin20:09:10

we have to wait for http://keybase.io to take over the world 🙂