nodata said: > A recent scam involving fake updates to Fedora has highlighted the lack > of signed RPMs for Fedora Core. How? Would it make you feel better if the fake updates had installed a signature first? Or told you that you had to install a new key from the fake site? The ONLY thing that signatures tell you is that the RPM has been signed with a particular key, that's it. The only thing that was shown is that there are potentially people that will blindly follow directions from any random e-mail they recieve. (I leave to others to explain the difference between "Fedora Core" RPMs (that are signed) and "Rawhide" RPMs (which may or may not be signed).) -- William Hooper