jbz
@jbz@indieweb.social  ·  yesterday

🔐 Looks harmless at first, I hope there's not a more sinister motive behind this.

「 In practice, this means users won’t be able to install unsigned RPMs unless they explicitly override the verification process with the --nosignature flag or a corresponding API call 」

https://linuxiac.com/fedora-plans-to-block-unsigned-rpm-packages-by-default/

#fedora #cybersecurity #opensource

Linuxiac

Fedora Plans to Block Unsigned RPM Packages by Default

Fedora developers propose enforcing RPM signature checks by default in Fedora 44, pending FESCo review and approval.
Klara! ❤️
@boo_@im-in.space replied  ·  yesterday

@jbz

I think it's good to have packages signed and for the user to be aware that they are installing an unsigned package if they are. Most developers are already signing their packages and everyone should if they are distributing for others to use.

As long as it can be any key, and not Fedora's key, it's fine and even desirable imo.
