On 11.06.2021 09:42, Huzaifa Sidhpurwala wrote:
One possible step in this direction is the ability to ensure that there is no distribution point tampering of binaries shipped in Fedora.
All RPM packages are already digitally signed by Fedora GPG keys. No further actions is required.
If someone MITM replaces the RPM package, it will fail the gpg signature check and will not be installed.
-- Sincerely, Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure