-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/07/2019 10.15 PM, Sphere wrote:
> [...]
> 
> 5. Picking only update sources that you could trust. IDK about
> debian but in fedora, by default, all updates are grabbed from
> mirrors and alot of those only support http which is bloody
> insecure thanks to being just plaintext and susceptible to MITM
> attacks.
> 
> [...]

Fedora packages are digitally signed. dnf checks the signature by
default. If the signature is not valid, the package will not be
installed.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0cPUIACgkQ203TvDlQ
MDAn3g//fuZSym+J6RDgO6/gNBL2P+73EAZ9lRaiFc66ozwF0+fQsRqrGQgZz1TB
M8QA7h1Tp71JPNnXGRzZHe0XvWNLazZmr3hBiZ3fSpZelEgHUAdROUY+zAJg1J+L
ub87MFpTqqUxn/d+jp52OXbFNP2jy7mY3/aMypuI0R+y9K8uaNhwUoSJGLSLb6+r
jHFn9LIrG4txqCoCcSGMSi4/tppt12/g6c4EpRNGKbf556Iaxtikv8ar0WbLc7ke
AQRaP4Rbm9rLksiKx8n4fhMnF8jhBJ/7Obn/sLMYRy7n/gFqoVTECeB5KMW2Syqe
EZHz954rItZRJPyiwpsa0TmZ018K0kN3CSgxPqXVqIQdK2aq9xhUqxUtE8zg3B7Q
7TW1Aqv81Gif1Y0UFfCUKxMoQzSWD7FfhVVr6reZL2pSHFQ/rt8JbgG2XkYSM/IO
UFf8+HUzxhmbiq68MA50zhJ7mPp9KTw3RaG19CviBxNrS5PgjYIBTbpykhE2/Qho
Sv5x46l640MUgBGhnQyVCJunlAAOOyCDe8JaHnfqYmenw8abTe3REWxUa+04Qt31
U+xtVV9/CmEW3qTw9qUFxytUSsy3Xkd5l8pbuqBHlUbuNDtbd95NZhc7wc7Xr7OE
ABtfT6WzwbdbsWdc/67/Ry8VdXkIQKPoczeNMgzadLIQ1Ww6+Mw=
=Gxzq
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/476e4a1b-2689-d4f8-d124-34ea290ba733%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to