-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 2020-09-05 12:35 PM, 'awokd' via qubes-users wrote: > If you're concerned about Fedora's lack of signing, switch to > Debian templates, or some other that has signing. This is a misconception. Fedora packages are absolutely cryptographically signed by PGP keys. The signature verification must succeed, or else the package will not be updated or installed. You can prove this for yourself by temporarily moving/renaming the signing keys, then trying to install a package. The real issue is about signing repo metadata. See these threads: https://groups.google.com/g/qubes-users/c/HHedtfDFdj4/m/dap-D0nwEwAJ https://groups.google.com/g/qubes-users/c/cNwCH3rcIGk/m/grr1yJktDAAJ https://groups.google.com/g/qubes-users/c/X0GvIdpQtcM/m/Tey9k_geWGUJ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl9Wt2YACgkQ203TvDlQ MDAcSQ//Z4gXnuTfz2GyFTycvJ2wsoLdI24SbM8f6+jron8tlFEo9hcjWF4leM/d DlvT7sVGX94XBbe8gdsYIFQbNXCknq5d4F89jDnxHLpe/vQtZ23VSBzE81yGZjTq WU1fCclQD3pMhASYna8u4o+TcYe3RfbLqSaq3HfVhtFMsYXaZLp6MKbVAWtLcXXz VeBAnOft/E7HJeBtZQQj66zgsbdzjKvcm8ot+dE/VrTZ8ohX+P6uXca04G2Z4G90 oyRgpIFr4u+3EORNap7R2Cr44U7WZBI4Wv9bcXkZZcC4yxSetD1hYkl9bhC8a8GV iJhFu/Y5Utowfj3IeXb17Bt724YeNhTJUO9hGrN4W16+XmIPmF7Vy2yNS196NipQ NkW6dXw7CDDLjBFMr+Uv5S1sjCGT1TVGLolfkZt4MlAeGlNYw8gjnVQx7fzE7Vnf RRE4ckPmtJRf1FU3/ONaowhQ/RCxakJqF3CSoaf7+Wg++mqu02/jm5d/0AMrB7Ib /iVm1Ztc1DAqe7GGMQGl2uWAGFg6RuEmgxWInwFnuCzOm/LId2bRI2PI52PQAEJl A+F4MbhuiHeG4WRMZOKCwRZgHaNGE8Zk3wj9q9BE5dAPm/+OWpc6GmKnRfckBxwo 8ZEzgOkBgkmd0WMGjMQGXlvosj4irRtycUpUi+ByWSHzRNqF/MU= =eHe6 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0c4aa78-dc42-dbb9-88d3-664eb64e602a%40qubes-os.org.
