Public Key for Cyrus IMAPD

Daniel O'Connor doconnor at gsoft.com.au
Wed Mar 20 19:26:33 EDT 2013 

On 20/03/2013, at 11:53, Gene Leung <geneleung818 at gmail.com> wrote:
> It seems no one care about the public key.  Then, why still put the signature file there for download?  Or any other way for verify the integrity of the download.

The key is available from gpg.mit.edu

[midget 9:53] ~ >gpg --recv-keys 9342BF08
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: requesting key 9342BF08 from hkp server pgp.mit.edu
gpg: key 9342BF08: public key "Jeroen van Meeuwen (kanarip) <kanarip at kanarip.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   1  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   3  signed:   0  trust: 0-, 0q, 0n, 3m, 0f, 0u
gpg: Total number processed: 1
gpg:               imported: 1
[midget 9:55] ~ >gpg --verify cyrus-imapd-2.4.17.tar.gz.sig cyrus-imapd-2.4.17.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: Signature made Sun  2 Dec 06:33:32 2012 CST using DSA key ID 9342BF08
gpg: Good signature from "Jeroen van Meeuwen (kanarip) <kanarip at kanarip.com>"
gpg:                 aka "Jeroen van Meeuwen (GMail) <kanarip at gmail.com>"
gpg:                 aka "Jeroen van Meeuwen (OGD) <j.van.meeuwen at ogd.nl>"
gpg:                 aka "Jeroen van Meeuwen (XS4All) <kanarip at xs4all.nl>"
gpg:                 aka "Jeroen van Meeuwen (GameDrome) <kanarip at gamedrome.com>"
gpg:                 aka "Jeroen van Meeuwen (PC Zone Clan) <kanarip at pczone-clan.nl>"
gpg:                 aka "Jeroen van Meeuwen (Fedora Unity) <kanarip at fedoraunity.org>"
gpg:                 aka "Jeroen van Meeuwen (Fedora Project) <kanarip at fedoraproject.org>"
gpg:                 aka "Jeroen van Meeuwen (Kolab Systems) (Kolab Systems AG) <vanmeeuwen at kolabsys.com>"
gpg:                 aka "Jeroen van Meeuwen (Ergo Project) (Ergo Project) <jeroen.van.meeuwen at ergo-project.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C6B0 7FB4 43E6 CDDA D258  F70B 28DE 9FDA 9342 BF08

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

More information about the Info-cyrus mailing list