Lispy

Common Lisp library management in Common Lisp

Introduction

Lispy is a library manager for Common Lisp, written in Common Lisp. All of its dependencies except for GPG (with which maps and releases are signed) are written in portable Common Lisp. With this approach you should only need a Lisp implementation installed to get started. The Lispy project has two goals:

  1. Implement an easy to use, portable library manager.
  2. Provide a wealth of ready to install libraries.

The Lispy project uses an  RSS feed to post news about significant updates to Lispy, new releases and also new libraries available in the maps.

Maps

Lispy uses distributed software maps to locate Common Lisp source libraries. The Lispy project distributes two maps: Official and Experimental. The maps are symbolic expressions (sexps) and are intended to be easy to use and manipulate, and to be transparent.

You may have your own source libraries or other libraries not mapped by the Lispy project. In this case, you can create your own maps or build on maps created by others. Lispy will merge them for you.

Upstream Source

The source archives of all Common Lisp libraries mapped by the Lispy project maps are mirrored to ensure availability. Source archives are modified by the Lispy project in the following cases.

The source archive lacks a version number.
Common Lisp source is frequently distributed in versionless archives. The Lispy project will rename the archive to include the version number or date if no version number is available.
The source needs to be patched in order to work.
The Lispy project creates a patch and sends it upstream as soon as possible.

Security

Lispy release archives and the official maps are signed to ensure tampering cannot occur. The mirrored archives are not signed, but their MD5 sum is included in the maps. Therefore the mirrored archives are protected indirectly by the map's signature.

Signature verification is manual for the Lispy release archives (after all you have to download that for yourself). Support for automatically verifying the signature of the maps Lispy downloads is in CVS.

You may contact the maintainers of the Lispy project in order to establish the authenticity of the signing key. The key ID is 0x7CF49723 and can be found on key servers. e.g.

$ gpg --search-key 0x7CF49723
(1)     Matthew Kennedy <xxxxxxxx@common-lisp.net>
          1024 bit DSA key 7CF49723, created: 2008-01-18
Keys 1-1 of 1 for "0x7CF49723".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 7CF49723 from hkp server subkeys.pgp.net
...
Layout and style inspired by CFFI. Matthew Kennedy, 2008.

Documentation

  • Lispy User Guide
  • Mapping Guide
  • Screen Casts
    • Getting Started (16MB)
    • Upgrading Libraries (3MB)
  • API

Lispy Maps

  • Official (signature)
  • Experimental (signature)

Mailing Lists

  • Announcements
  • Development
  • CVS

Source Code

  • Lispy 0.4 (1004k, signature)
  • Releases
  • CVS
  • Signing Key 0x7CF49723