A recent scam involving fake updates to Fedora has highlighted the lack of signed RPMs for Fedora Core. "Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team" [..] "All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified." -- http://www.redhat.com/security/ It's possibly that some of the people testing Fedora Core are connected to a network of machines that they'd rather not put at risk. It might also be possible that a user testing Fedora Core could even use the same password as another machine connected to that network. Perhaps some users of Fedora Core also have personal information stored on the machine which FC is installed on. I posted a bug. I got a reply, from Duke: "1. fedora core is not a product, it is a project. 2. releases from rawhide are not official." -- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136461 What does the list think about signed RPMs - are they unnecessary for a community project, or are they useful?