On 11.06.2021 09:42, Huzaifa Sidhpurwala wrote:
One possible step in this direction is the ability to ensure that
there
is no distribution point tampering of binaries shipped in Fedora.
All RPM packages are already digitally signed by Fedora GPG keys. No
further actions is required.
If someone MITM replaces the RPM package, it will fail the gpg signature
check and will not be installed.
--
Sincerely,
Vitaly Zaitsev (vitaly(a)easycoding.org)