Alternative Fedora Project (alt.fedoraproject.org)

Hello, dear Fedora community! I wanna ask you about alt.fedoraproject.org.

  1. Is alt.fedoraproject.org safe and officially supported by Fedora Project? Are all downloads on alt.fedoraproject.org free and free of charge?
  2. I have read this on Wikipedia about Fedora (Fedora Linux - Wikipedia) in Alternatives subtitle : In addition, all acceptable licenses for Fedora Linux (including copyright, trademark, and patent licenses) must be applicable not only to Red Hat or Fedora, but also to all recipients downstream. This means that any “Fedora-only” licenses, or licenses with specific terms that Red Hat or Fedora meets but that other recipients would not are not acceptable (and almost certainly non-free, as a result). What that means?
  3. How can I verify my iso from alt.fedoraproject.org? Can I use same steps like in fedoraproject.org? I mean:

Verify your download for security and integrity using the proper checksum file. If there is a good signature from one of the Fedora keys, and the SHA256 checksum matches, then the download is valid.

  • Download the checksum file into the same directory as the image you downloaded.
  • Import Fedora’s GPG key(s)
curl -O https://fedoraproject.org/fedora.gpg
  • You can verify the details of the GPG key(s) here.
  • Verify the checksum file is valid
gpgv --keyring ./fedora.gpg Fedora-Spins-39-1.5-x86_64-CHECKSUM
  • Verify the checksum matches
sha256sum -c Fedora-Spins-39-1.5-x86_64-CHECKSUM

If the output states that the file is valid, then it’s ready to use!

Or I should use specific GPG not from https://fedoraproject.org/fedora.gpg

It is basically the real Fedora packaged in another way. Here you find Fedora for Arm or Power, and you can find the Netinstall iso where you can pick and chose the components you want to install, including desktop environments which are not available as a spin iso.

The licenses are the same as for any other downloadable iso image.

You verify the downloaded isos the same way as for any other iso.

2 Likes

How can I verify my iso from alt.fedoraproject.org? Can I use same steps like in fedoraproject.org? I mean:


Verify your download for security and integrity using the proper checksum file. If there is a good signature from one of the Fedora keys, and the SHA256 checksum matches, then the download is valid.

  • Download the checksum file into the same directory as the image you downloaded.
  • Import Fedora’s GPG key(s)
curl -O https://fedoraproject.org/fedora.gpg
  • You can verify the details of the GPG key(s) here.
  • Verify the checksum file is valid
gpgv --keyring ./fedora.gpg Fedora-Spins-39-1.5-x86_64-CHECKSUM
  • Verify the checksum matches
sha256sum -c Fedora-Spins-39-1.5-x86_64-CHECKSUM

If the output states that the file is valid, then it’s ready to use!

Or I should use specific GPG not from https://fedoraproject.org/fedora.gpg

Commands and the GPG key are the same. You only need a different CHECKSUM file to match what you want to verify.

2 Likes