Really appreciate your help and give me an idea how to get the key from the pgp server.. I only used Ken's key for my last installed version 2.3.16
gpg --verify cyrus-imapd-2.3.16.tar.gz.sig
gpg: Signature made Mon 21 Dec 2009 09:34:05 PM HKT using DSA key ID 6581B5F1
gpg: Good signature from "Kenneth S Murchison <murch@xxxxxxxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 11C3 B2A6 BF9C F06C 216F 76E7 D0AB 95C1 6581 B5F1
It is hard to find those latest information regarding verification of the software integrity. Thanks.
B/R
Gene Leung
On Thu, Mar 21, 2013 at 7:26 AM, Daniel O'Connor <doconnor@xxxxxxxxxxxx> wrote:
The key is available from gpg.mit.edu
On 20/03/2013, at 11:53, Gene Leung <geneleung818@xxxxxxxxx> wrote:
> It seems no one care about the public key. Then, why still put the signature file there for download? Or any other way for verify the integrity of the download.
[midget 9:53] ~ >gpg --recv-keys 9342BF08
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: requesting key 9342BF08 from hkp server pgp.mit.edu
gpg: key 9342BF08: public key "Jeroen van Meeuwen (kanarip) <kanarip@xxxxxxxxxxx>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 3 signed: 0 trust: 0-, 0q, 0n, 3m, 0f, 0u
gpg: Total number processed: 1
gpg: imported: 1
[midget 9:55] ~ >gpg --verify cyrus-imapd-2.4.17.tar.gz.sig cyrus-imapd-2.4.17.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: Signature made Sun 2 Dec 06:33:32 2012 CST using DSA key ID 9342BF08
gpg: Good signature from "Jeroen van Meeuwen (kanarip) <kanarip@xxxxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (GMail) <kanarip@xxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (OGD) <j.van.meeuwen@xxxxxx>"
gpg: aka "Jeroen van Meeuwen (XS4All) <kanarip@xxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (GameDrome) <kanarip@xxxxxxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (PC Zone Clan) <kanarip@xxxxxxxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (Fedora Unity) <kanarip@xxxxxxxxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (Fedora Project) <kanarip@xxxxxxxxxxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (Kolab Systems) (Kolab Systems AG) <vanmeeuwen@xxxxxxxxxxxx>"
gpg: aka "Jeroen van Meeuwen (Ergo Project) (Ergo Project) <jeroen.van.meeuwen@xxxxxxxxxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C6B0 7FB4 43E6 CDDA D258 F70B 28DE 9FDA 9342 BF08
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
