Over in the older thread [1] , people object that it’s a hassle for gpg to import the appropriate fedora key and then verify the signature. Could that initial import be automated? Could Fedora offer a preinstalled keyring for gpg users? Or maybe drive the verification from another frontend that already knows/trusts the fedora keys, maybe rpm? Or a “fedora-gpg” wrapper that PGPHOME’s the fedora keyrings?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Security and Usability Issues of Clear Signed Checksum Files | 22 | 248 | August 22, 2024 | |
| Image Checksum not identical | 2 | 361 | October 1, 2023 | |
| Issues with verifying the ISO | 14 | 1578 | June 4, 2024 | |
| Checksum for Fedora41 fails with "17 lines incorrectly formatted" everytime | 2 | 522 | November 5, 2024 | |
| Fedora verification process | 13 | 448 | February 3, 2025 |