Hi, cyrus-imapd releases are signed by the individual doing the release. That's generally been me for the last however many years.
My public key is registered with the MIT PGP Key Server. They have a very minimal web interface at http://pgp.mit.edu (though in my experience it's very slow at best, and often seems to not work). You should be able to configure your gpg or pgp tool to check signatures against a key server, or fetch public keys from a key server, etc. It might already be configured to use some other server(s), so you might need to add the MIT one to your list. Supposedly some key servers share keys among themselves, so even if you don't use the MIT one directly, whichever you do use might also know about keys registered with the MIT one. But it's been a long time since I set any of this up myself, and I've long since forgotten the details -- sorry I can't provide more specific instructions! I'm not sure how cyrus-sasl releases are signed (not by me, anyway). Maybe someone from that group can chime in if their process differs from ours. Cheers, ellie On Wed, 18 Jan 2023, at 1:26 AM, geo...@xorgate.com wrote: > What or where is the pgp public key used to sign cyrus files? > > NOTE: I submitted a feedback suggestion to github to query publishers to > provide information about their public key if they provide <project-file>.sig > files. > > *Cyrus <https://cyrus.topicbox.com/latest>* / Devel / see discussions > <https://cyrus.topicbox.com/groups/devel> + participants > <https://cyrus.topicbox.com/groups/devel/members> + delivery options > <https://cyrus.topicbox.com/groups/devel/subscription> Permalink > <https://cyrus.topicbox.com/groups/devel/Tdbccaf5729785764-M4a3f76b622115c76a3861386> ------------------------------------------ Cyrus: Devel Permalink: https://cyrus.topicbox.com/groups/devel/Tdbccaf5729785764-M615abe32b79d049cfd3842cb Delivery options: https://cyrus.topicbox.com/groups/devel/subscription
