Public Key for Cyrus IMAPD

Gene Leung geneleung818 at gmail.com
Thu Mar 21 02:28:15 EDT 2013 

Hi Daniel,

Really appreciate your help and give me an idea how to get the key from the
pgp server..  I only used Ken's key for my last installed version 2.3.16

gpg --verify cyrus-imapd-2.3.16.tar.gz.sig
gpg: Signature made Mon 21 Dec 2009 09:34:05 PM HKT using DSA key ID
6581B5F1
gpg: Good signature from "Kenneth S Murchison <murch at andrew.cmu.edu>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 11C3 B2A6 BF9C F06C 216F  76E7 D0AB 95C1 6581 B5F1

It is hard to find those latest information regarding verification of the
software integrity.  Thanks.

B/R
Gene Leung


On Thu, Mar 21, 2013 at 7:26 AM, Daniel O'Connor <doconnor at gsoft.com.au>wrote:

>
> On 20/03/2013, at 11:53, Gene Leung <geneleung818 at gmail.com> wrote:
> > It seems no one care about the public key.  Then, why still put the
> signature file there for download?  Or any other way for verify the
> integrity of the download.
>
> The key is available from gpg.mit.edu
>
> [midget 9:53] ~ >gpg --recv-keys 9342BF08
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/documentation/faqs.html for more
> information
> gpg: requesting key 9342BF08 from hkp server pgp.mit.edu
> gpg: key 9342BF08: public key "Jeroen van Meeuwen (kanarip) <
> kanarip at kanarip.com>" imported
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: depth: 0  valid:   1  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: depth: 1  valid:   3  signed:   0  trust: 0-, 0q, 0n, 3m, 0f, 0u
> gpg: Total number processed: 1
> gpg:               imported: 1
> [midget 9:55] ~ >gpg --verify cyrus-imapd-2.4.17.tar.gz.sig
> cyrus-imapd-2.4.17.tar.gz
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/documentation/faqs.html for more
> information
> gpg: Signature made Sun  2 Dec 06:33:32 2012 CST using DSA key ID 9342BF08
> gpg: Good signature from "Jeroen van Meeuwen (kanarip) <
> kanarip at kanarip.com>"
> gpg:                 aka "Jeroen van Meeuwen (GMail) <kanarip at gmail.com>"
> gpg:                 aka "Jeroen van Meeuwen (OGD) <j.van.meeuwen at ogd.nl>"
> gpg:                 aka "Jeroen van Meeuwen (XS4All) <kanarip at xs4all.nl>"
> gpg:                 aka "Jeroen van Meeuwen (GameDrome) <
> kanarip at gamedrome.com>"
> gpg:                 aka "Jeroen van Meeuwen (PC Zone Clan) <
> kanarip at pczone-clan.nl>"
> gpg:                 aka "Jeroen van Meeuwen (Fedora Unity) <
> kanarip at fedoraunity.org>"
> gpg:                 aka "Jeroen van Meeuwen (Fedora Project) <
> kanarip at fedoraproject.org>"
> gpg:                 aka "Jeroen van Meeuwen (Kolab Systems) (Kolab
> Systems AG) <vanmeeuwen at kolabsys.com>"
> gpg:                 aka "Jeroen van Meeuwen (Ergo Project) (Ergo Project)
> <jeroen.van.meeuwen at ergo-project.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: C6B0 7FB4 43E6 CDDA D258  F70B 28DE 9FDA 9342 BF08
>
> --
> Daniel O'Connor software and network engineer
> for Genesis Software - http://www.gsoft.com.au
> "The nice thing about standards is that there
> are so many of them to choose from."
>   -- Andrew Tanenbaum
> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20130321/d9197c00/attachment.html

More information about the Info-cyrus mailing list