Zach Beane

Failure log here: http://report.quicklisp.org/2022-01-29/failure-report/cl-lib-helper.html

That's the current design. It works that way to ensure that Quicklisp is always loaded through setup.lisp, and not directly through ASDF. I've recently decided to change how this works,...

Does dexador signal an error when connecting to a site that presents invalid TLS (e.g. expired cert, bogus cert, bad hostname, etc)?

How about these: * https://expired.badssl.com/ * https://wrong.host.badssl.com/ * https://untrusted-root.badssl.com/ * https://revoked.badssl.com/

Thank you for checking. Is there any way to improve the wrong.host and revoked results?

Failure log here: http://report.quicklisp.org/2022-06-09/failure-report/extensible-compound-types.html

Does this come up in practice somehow?

I see, I'll try to improve the error detection then.

Thanks for taking the time to send feedback. I like these ideas. For 1 and 2, I think it might work to use the "prefix" value from releases.txt as the...

Or maybe I need to make the validation more pluggable, so that digests+PGP are the default option, but a custom dist can handle things differently.