On 11.06.2021 09:42, Huzaifa Sidhpurwala wrote:
One possible step in this direction is the ability to ensure that there is no distribution point tampering of binaries shipped in Fedora.
All RPM packages are already digitally signed by Fedora GPG keys. No further actions is required.
If someone MITM replaces the RPM package, it will fail the gpg signature check and will not be installed.
-- Sincerely, Vitaly Zaitsev ([email protected]) _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
