Hi Daniel, Really appreciate your help and give me an idea how to get the key from the pgp server.. I only used Ken's key for my last installed version 2.3.16
gpg --verify cyrus-imapd-2.3.16.tar.gz.sig gpg: Signature made Mon 21 Dec 2009 09:34:05 PM HKT using DSA key ID 6581B5F1 gpg: Good signature from "Kenneth S Murchison <mu...@andrew.cmu.edu>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 11C3 B2A6 BF9C F06C 216F 76E7 D0AB 95C1 6581 B5F1 It is hard to find those latest information regarding verification of the software integrity. Thanks. B/R Gene Leung On Thu, Mar 21, 2013 at 7:26 AM, Daniel O'Connor <docon...@gsoft.com.au>wrote: > > On 20/03/2013, at 11:53, Gene Leung <geneleung...@gmail.com> wrote: > > It seems no one care about the public key. Then, why still put the > signature file there for download? Or any other way for verify the > integrity of the download. > > The key is available from gpg.mit.edu > > [midget 9:53] ~ >gpg --recv-keys 9342BF08 > gpg: WARNING: using insecure memory! > gpg: please see http://www.gnupg.org/documentation/faqs.html for more > information > gpg: requesting key 9342BF08 from hkp server pgp.mit.edu > gpg: key 9342BF08: public key "Jeroen van Meeuwen (kanarip) < > kana...@kanarip.com>" imported > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model > gpg: depth: 0 valid: 1 signed: 3 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: depth: 1 valid: 3 signed: 0 trust: 0-, 0q, 0n, 3m, 0f, 0u > gpg: Total number processed: 1 > gpg: imported: 1 > [midget 9:55] ~ >gpg --verify cyrus-imapd-2.4.17.tar.gz.sig > cyrus-imapd-2.4.17.tar.gz > gpg: WARNING: using insecure memory! > gpg: please see http://www.gnupg.org/documentation/faqs.html for more > information > gpg: Signature made Sun 2 Dec 06:33:32 2012 CST using DSA key ID 9342BF08 > gpg: Good signature from "Jeroen van Meeuwen (kanarip) < > kana...@kanarip.com>" > gpg: aka "Jeroen van Meeuwen (GMail) <kana...@gmail.com>" > gpg: aka "Jeroen van Meeuwen (OGD) <j.van.meeu...@ogd.nl>" > gpg: aka "Jeroen van Meeuwen (XS4All) <kana...@xs4all.nl>" > gpg: aka "Jeroen van Meeuwen (GameDrome) < > kana...@gamedrome.com>" > gpg: aka "Jeroen van Meeuwen (PC Zone Clan) < > kana...@pczone-clan.nl>" > gpg: aka "Jeroen van Meeuwen (Fedora Unity) < > kana...@fedoraunity.org>" > gpg: aka "Jeroen van Meeuwen (Fedora Project) < > kana...@fedoraproject.org>" > gpg: aka "Jeroen van Meeuwen (Kolab Systems) (Kolab > Systems AG) <vanmeeu...@kolabsys.com>" > gpg: aka "Jeroen van Meeuwen (Ergo Project) (Ergo Project) > <jeroen.van.meeu...@ergo-project.org>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: C6B0 7FB4 43E6 CDDA D258 F70B 28DE 9FDA 9342 BF08 > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > > > > > > >
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
