Client updatesedit There is a problem with the update. If you're having a problem related to client-info.sexp, I'll post a fix shortly. Sorry about the hassle!
The Quicklisp client updates I described last week are now part of Quicklisp. If you install Quicklisp from scratch with today you will be using the new client versioning system. To update an existing Quicklisp installation, use(ql:update-client).
This update provides several new options in quicklisp-quickstart:install:
- :dist-url can be used to specify the initial dist version to use at installation time. Valid URLs can be obtained from an existing Quicklisp installation by evaluating one of the new functions (ql:dist-url "quicklisp") or (ql:available-dist-versions "quicklisp")
- :client-url can be used to specify the initial client version to use at installation time. Valid URLs can be obtained from an existing Quicklisp installation by evaluating one of the new functions (ql:client-url) or (ql:available-client-versions)
There is also a new function, (ql:install-client :url url), that can be used to change the client version of an existing Quicklisp installation.
The ability to easily install (or go back to) a known-working client sets the stage for a pretty big Quicklisp client change. In the next few days I'm going to update Quicklisp to require ASDF 3, which it will fetch automatically if needed. If that change breaks your project, you will have a safety net: you can always go back to the previous version of the Quicklisp client. (If it breaks too many projects, Quicklisp itself will go back to a previous version of ASDF.)
If you have any trouble with this new Quicklisp setup, please let me know at email@example.com. You can also discuss it on the mailing list or talk to me in realtime (if I'm around) in #quicklisp on freenode.
I have created a new GPG key, firstname.lastname@example.org, for signing Quicklisp-related programs and metadata. You can get the key from various keyservers, i.e. "gpg --keyserver pgp.mit.edu --recv-keys 028B5FF7", or from http://beta.quicklisp.org/release-key.txt.
Here are some examples of signed files:
- http://beta.quicklisp.org/quicklisp.lisp (signature)
- http://beta.quicklisp.org/client/quicklisp.sexp (signature)
- http://beta.quicklisp.org/dist/quicklisp.txt (signature)
- http://beta.quicklisp.org/dist/quicklisp/2014-01-13/releases.txt (signature)
In general, if a the file at URL "http://beta.quicklisp.org/whatever" has a signature, it is the same URL with ".asc" appended, e.g. "http://beta.quicklisp.org/whatever.asc". If you fetch both files, you can verify the signature with "gpg --verify whatever.asc whatever".
The Quicklisp client code does not yet verify signatures, but you may use these signatures to independently verify the Quicklisp code and metadata you have fetched. A future Quicklisp update will provide more built-in cryptographic verification.