On Wed, 2013-03-20 at 09:23 +0800, Gene Leung wrote: > It seems no one care about the public key. Then, why still put the > signature file there for download? Or any other way for verify the > integrity of the download. "no one cares" is a bit harsh for 24hrs without a response. This list is primarily people who use / administer Cyrus IMAPd. And I'd wager most of those people use Cyrus from a package. Packagers are ones who care most about things like checksums, and they probably don't pay much attention to this list. I also wouldn't be surprised these days if packagers didn't work directly from a git checkout and just skipped the tgz. > Any where I can find the pubic key for verify the files downloaded of > the Cyrus IMAP software? Anyway, nope, I do not see a checksum/sumkey at ftp://ftp.cyrusimap.org/cyrus-imapd/ ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
