Hi Daniel,
Really appreciate your help and give me an idea how to get the key from the
pgp server.. I only used Ken's key for my last installed version 2.3.16
gpg --verify cyrus-imapd-2.3.16.tar.gz.sig
gpg: Signature made Mon 21 Dec 2009 09:34:05 PM HKT using DSA key ID
6581B5F1
gpg: Good signature from Kenneth S Murchison mu...@andrew.cmu.edu
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 11C3 B2A6 BF9C F06C 216F 76E7 D0AB 95C1 6581 B5F1
It is hard to find those latest information regarding verification of the
software integrity. Thanks.
B/R
Gene Leung
On Thu, Mar 21, 2013 at 7:26 AM, Daniel O'Connor docon...@gsoft.com.auwrote:
On 20/03/2013, at 11:53, Gene Leung geneleung...@gmail.com wrote:
It seems no one care about the public key. Then, why still put the
signature file there for download? Or any other way for verify the
integrity of the download.
The key is available from gpg.mit.edu
[midget 9:53] ~ gpg --recv-keys 9342BF08
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more
information
gpg: requesting key 9342BF08 from hkp server pgp.mit.edu
gpg: key 9342BF08: public key Jeroen van Meeuwen (kanarip)
kana...@kanarip.com imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 3 signed: 0 trust: 0-, 0q, 0n, 3m, 0f, 0u
gpg: Total number processed: 1
gpg: imported: 1
[midget 9:55] ~ gpg --verify cyrus-imapd-2.4.17.tar.gz.sig
cyrus-imapd-2.4.17.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more
information
gpg: Signature made Sun 2 Dec 06:33:32 2012 CST using DSA key ID 9342BF08
gpg: Good signature from Jeroen van Meeuwen (kanarip)
kana...@kanarip.com
gpg: aka Jeroen van Meeuwen (GMail) kana...@gmail.com
gpg: aka Jeroen van Meeuwen (OGD) j.van.meeu...@ogd.nl
gpg: aka Jeroen van Meeuwen (XS4All) kana...@xs4all.nl
gpg: aka Jeroen van Meeuwen (GameDrome)
kana...@gamedrome.com
gpg: aka Jeroen van Meeuwen (PC Zone Clan)
kana...@pczone-clan.nl
gpg: aka Jeroen van Meeuwen (Fedora Unity)
kana...@fedoraunity.org
gpg: aka Jeroen van Meeuwen (Fedora Project)
kana...@fedoraproject.org
gpg: aka Jeroen van Meeuwen (Kolab Systems) (Kolab
Systems AG) vanmeeu...@kolabsys.com
gpg: aka Jeroen van Meeuwen (Ergo Project) (Ergo Project)
jeroen.van.meeu...@ergo-project.org
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: C6B0 7FB4 43E6 CDDA D258 F70B 28DE 9FDA 9342 BF08
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
The nice thing about standards is that there
are so many of them to choose from.
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus